Security News

CA ERwin Web Portal Directory Traversal (May 30, 2014)

By

The CA ERwin Web Portal is a simple, customizable, web-based interface that helps users to visualize the important metadata information that is stored in CA ERwin Data Modeler. It allows easy access to information via the web, with a variety of presentation and search formats to cater to a wide range of user types in the organization. The interface serves HTTP requests on port TCP/19980.

CA ERwin Web Portal provides users the ability to download XML configuration files from default configuration directory fulfilled by ConfigServiceProviderServlet servlet on the server. The following is definition of this servlet: 

  ConfigServiceProvider MITI.mimbagent.ConfigServiceProviderServlet 3

A directory traversal vulnerability exists in CA ERwin Web Portal. The vulnerable code fails to properly sanitize the “..” directory traversal pattern in the user supplied data. This allows an attack to create/overwrite XML files outside the designed content folder, which can lead to security restriction bypassing and possibly remote code execution.

Dell SonicWALL threat team has researched this vulnerability and released the following IPS signature for it.

  • IPS:3865 CA ERwin Web Portal Directory Traversal 3

This vulnerability is referred by CVE as CVE-2014-2210.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
Voidcrypt ransomware actively spreading in the wild
Microsoft Windows SharePoint Services XSS (May 5, 2010)
Fake Credit Card and IRS notices (June 30, 2011)
RTDMI detects a massive PDF campaign spreading in Russian language
MS IE Style Remote Code Execution Issue (Nov 25, 2009)
IIS FTP Server Buffer Overflow (Sep 3, 2009)
Elmers Glue Locker demands $35k but fails to encrypt! (May 26th, 2017)
Sage 2.2 updated with audio alert and reduced ransom (March 29th, 2017)