CA XOsoft xosoapapi.asmx Multiple Remote Code Execution Vulnerabilities

April 6th, 2010

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates XOsoft Control Replication and High Availability Control Service. Authentication is not required to exploit this vulnerability.

The specific flaws exist within the /ws_man/xosoapapi.asmx SOAP endpoint and occur when submitting malformed requests to the server. Successful exploitation can lead to code execution under the context of the service.

Additional Details

CA has issued an update to correct this vulnerability. More details can be found at:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869

Disclosure Timeline

  • 2009-12-16 - Vulnerability reported to vendor
  • 2010-04-06 - Coordinated public release of advisory

Credit

Andrea Micalizzi aka rgod

Back to Advisories