Security Notice for CA Host-Based Intrusion Prevention System (CA HIPS) Server

Issued: October 18th, 2007

CA's customer support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (CA HIPS). A vulnerability exists in the Server installation that can allow a remote attacker to take unauthorized administrative action. CA has issued a patch to address the vulnerability.

The vulnerability, CVE-2007-5472, occurs because raw request data is displayed in the log when the log is viewed in a browser.

Note: The client installation is not vulnerable.
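
The advisory gives no implementation detail beyond raw request data reaching a log that is rendered in a browser. The following Python example is added here as a generic illustration of that bug class beside a hardened renderer; it is not CA's code, every function name and sample event is constructed, and the control-character handling goes beyond what the advisory states.

```python
import html
from html.parser import HTMLParser

# Constructed sample events: the "request" field is fully client-controlled.
SAMPLE_EVENTS = [
    {"src": "192.0.2.10", "request": "GET /status HTTP/1.1"},
    {"src": "192.0.2.66",
     "request": "GET /<script>/*constructed*/</script> HTTP/1.1\r\nforged entry"},
]


def render_row_unsafe(event):
    """'Before' form: raw request data is pasted into the HTML log view."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (event["src"], event["request"])


def neutralize_controls(text):
    """Show CR, LF and other non-printable characters as visible \\xNN escapes."""
    return "".join(ch if ch.isprintable() else "\\x%02x" % ord(ch) for ch in text)


def render_row_safe(event):
    """Hardened form: every field is encoded for the HTML context it lands in."""
    cells = (html.escape(neutralize_controls(str(event[key])), quote=True)
             for key in ("src", "request"))
    return "<tr>" + "".join("<td>%s</td>" % cell for cell in cells) + "</tr>"


class _TagCollector(HTMLParser):
    """Records every start tag a browser-like parser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(row_html):
    """Regression check: list the elements actually present in a rendered row."""
    collector = _TagCollector()
    collector.feed(row_html)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(tags_in(render_row_unsafe(event)), tags_in(render_row_safe(event)))
```

A check like `tags_in` can run in a test suite over the log view so that any element other than the template's own `tr` and `td` fails the build.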

Risk Rating

Medium

Affected Products

CA Host-Based Intrusion Prevention System (CA HIPS) r8

How to determine if the installation is affected

  1. Log in to the HIPS Administration Console.

  2. Scroll down to the end of the Main page.

  3. Click the "About" link at the bottom right of the page.

  4. Check the version.

If the version is less than 8.0.0.93, the installation is vulnerable.

Solution

CA has issued the following patch to address the vulnerability.

CA Host-Based Intrusion Prevention System (CA HIPS) r8: QO91494

Workaround

None

References

CVE-2007-5472 - log content injection

Acknowledgement

CVE-2007-5472 - David Maciejak

If additional information is required, please contact CA Technical Support at http://supportconnect.ca.com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at http://www3.ca.com/securityadvisor/vulninfo/submit.aspx.
