CVE-2010-3984
CA ARCserve Replication and High Availability - Remote Code Execution via SOAP Request
Title source: llmDescription
Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx.
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42561
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-263/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/515115/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45317
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1024852
Vendor Advisory x_refsource_confirm
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d
Scores
EPSS
0.0532
EPSS Percentile
91.7%
Details
CWE
CWE-119
Status
published
Products (7)
ca/arcserve_replication_and_high_availability
r15.0 sp1
ca/xosoft_content_distribution
r12.0 sp1
ca/xosoft_content_distribution
r12.5 sp2
ca/xosoft_high_availability
r12.0 sp1
ca/xosoft_high_availability
r12.5 sp2
ca/xosoft_replication
r12.0 sp1
ca/xosoft_replication
r12.5 sp2
Published
Jan 07, 2011
Tracked Since
Feb 18, 2026