CVE-2011-2667

Broadcom Total Defense - Memory Corruption

Title source: rule

Description

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.

References (10)

[Vendor Advisory] http://secunia.com/advisories/45332

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-11-237/

[Various Sources] https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B5E404992-6B58-4C44-A29D-027D05B6285D%7D

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/518934/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/518935/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/48813

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/68736

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1025812

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1025813

[Third Party Advisory] http://securityreason.com/securityalert/8316

Scores

EPSS 0.2524

EPSS Percentile 96.1%

Classification

CWE

CWE-119

Status draft

Affected Products (2)

broadcom/total_defense

ca/gateway_security

Timeline

Published Jul 28, 2011

Tracked Since Feb 18, 2026