CA Gateway Security vulnerable
CA is warning of a critical vulnerability in its Gateway Security 8.1 business security solution that allows attackers to inject malicious code into systems. According to the Zero Day Initiative, specially crafted HTTP requests to port 8080 can be used to remotely write code into critical areas of the heap, and this arbitrary code can then be executed within the context of the Gateway Security service.
The company has provided a fix for Gateway Security. Alternatively, users can upgrade to version 9.0. Users of Total Defense Suite r12 are also advised to take action quickly, as the vulnerable version of Gateway Security is part of this security package.
- CA20110720-01: Security Notice for CA Gateway Security and Total Defense, security advisory from CA.