CA ARCserve D2D Axis2 Remote Security Bypass Vulnerability

CA has confirmed that a remotely exploitable security issue exists in the Axis2 components of their ARCserve D2D product. CA ARCserve D2D r15 has been confirmed vulnerable.

Exploit code (instructions) exists for this, and CA hasn’t provided a patch. The fix is to change the userName and password properties from their defaults (admin/axis2) to something secure in the file “c:\program files\CA\ARCserve\D2D\TOMCAT\webapps\WebServiceImpl\WEB-INF\conf\axis2.xml”.

If you are thinking this sounds similar to the Axis2 vulnerability in SAP BusinessObjects described here, you are right – it is the same component in both products. If you have other systems that use Axis2, please review them to see if they are similarly vulnerable.
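To check the fix above and to review other Axis2 deployments, the following added example (not part of the original post and not CA's code) audits Axis2 configuration files for the default admin/axis2 values. It assumes the credentials are stored as `<parameter name="userName">` and `<parameter name="password">` elements in a file named axis2.xml, the standard Axis2 configuration file; the function names and sample documents are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Defaults named in the post: userName "admin", password "axis2".
DEFAULTS = {"userName": "admin", "password": "axis2"}

def audit_axis2_config(xml_data):
    """Return a list of findings for one axis2.xml document ([] means clean)."""
    try:
        root = ET.fromstring(xml_data)  # accepts str or bytes
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for param in root.iter("parameter"):
        name = param.get("name")
        if name not in DEFAULTS:
            continue
        value = (param.text or "").strip()
        if value == DEFAULTS[name]:
            findings.append(f"{name} is still the default value")
        elif not value:
            findings.append(f"{name} is empty")
    return findings

def scan_tree(top):
    """Audit every axis2.xml below `top`; return {path: findings} for flagged files."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(top):
        for filename in files:
            if filename.lower() != "axis2.xml":
                continue
            path = os.path.join(dirpath, filename)
            with open(path, "rb") as fh:
                findings = audit_axis2_config(fh.read())
            if findings:
                flagged[path] = findings
    return flagged

# Constructed samples shaped like the credential entries in an axis2.xml.
SAMPLE_DEFAULT = """<axisconfig name="AxisJava2.0">
  <parameter name="userName">admin</parameter>
  <parameter name="password">axis2</parameter>
</axisconfig>"""
SAMPLE_CHANGED = (SAMPLE_DEFAULT.replace(">admin<", ">d2d-ops<")
                  .replace(">axis2<", ">constructed-Long-Passphrase-1<"))

if __name__ == "__main__":
    print(audit_axis2_config(SAMPLE_DEFAULT))  # two findings
    print(audit_axis2_config(SAMPLE_CHANGED))  # no findings
```

Point `scan_tree` at an application server's install directory to list every Axis2 configuration that still carries a default or empty credential.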

References:
http://seclists.org/fulldisclosure/2010/Dec/694
http://retrogod.altervista.org/9sg_ca_d2d.html

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
