Computer Associates Total Defense SQL注入和信息泄露漏洞
Computer Associates Total Defense SQL注入和信息泄露漏洞
发布日期:2012-02-08
更新日期:2012-02-09
受影响系统:
Computer Associates Total Defense 12 SE2
Computer Associates Total Defense 12 SE2
Computer Associates Total Defense 12 SE1
不受影响系统:
Computer Associates Total Defense 12 SE3
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 51915
Computer Associates Total Defense是集成了反病毒、反间谍、网关安全、主机入侵防护系统等网络安全服务为一体的多层防护系统。
Computer Associates Total Defense在实现上存在SQL注入和信息泄露漏洞,成功利用后可允许攻击者获取敏感信息、控制应用、访问或修改数据、以系统级别权限通过函数'exec()'执行任意命令,完全控制受影响系统。
<*来源:Andrea Micalizzi aka rgod
链接:http://www.zerodayinitiative.com/advisories/ZDI-12-022/
http://www.zerodayinitiative.com/advisories/ZDI-12-023/
http://www.zerodayinitiative.com/advisories/ZDI-12-024/
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Computer Associates
-------------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.cai.com/
评论暂时关闭