CA's customer support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (CA HIPS). A vulnerability exists in the Server installation that can allow a remote attacker to take unauthorized administrative action. CA has issued a patch to address the vulnerability.

The vulnerability, CVE-2007-5472, occurs due to raw request data being displayed in the log when viewed by a browser.

Note: The client installation is not vulnerable.

Risk Rating

Medium

Affected Products

CA Host-Based Intrusion Prevention System (CA HIPS) r8

How to determine if the installation is affected

Log in to the HIPS Administration Console.
Scroll down to the end of the Main page.
Press the "About" link on the right bottom side of the page.
Check the version.

If the version is less than 8.0.0.93, the installation is vulnerable.

Solution

CA has issued the following patch to address the vulnerabilities.

CA Host-Based Intrusion Prevention System (CA HIPS) r8: QO91494

Workaround

None

References

CVE-2007-5472 - log content injection

Acknowledgement

CVE-2007-5472 - David Maciejak

If additional information is required, please contact CA Technical Support at http://supportconnect.ca.com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at http://www3.ca.com/securityadvisor/vulninfo/submit.aspx.

PAGE TOOLS