CVE-2011-3011

CA Arcserve D2d - Information Disclosure

Title source: rule

Description

BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/41707

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by bannedit, rgod · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb

View Code ZIP pw:eip

References (4)

[Exploit] http://www.securityfocus.com/bid/48897

[Various Sources] https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B7D3ACC0F-6C01-4BE2-B5C0-C430CEB45BE6%7D

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/519234/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/8338

Scores

EPSS 0.6928

EPSS Percentile 98.6%

Classification

CWE

CWE-200

Status draft

Affected Products (1)

ca/arcserve_d2d

Timeline

Published Aug 15, 2011

Tracked Since Feb 18, 2026