CVE-2011-2667

CWE-119Buffer Overflow3 documents3 sources
Severity
10.0CRITICAL
EPSS
25.2%
top 3.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Total DefenseCA Gateway Security
Timeline
PublishedJul 28
Latest updateMay 13

Description

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-2xj3-5fc8-9rr7: Icihttp2022-05-13
CVEList
CVE-2011-2667: Icihttp2011-07-28
CVE-2011-2667 (CRITICAL CVSS 10) | Icihttp.exe in CA Gateway Security | cvebase.io