Unrated severityNVD Advisory· Published Jul 28, 2011· Updated Apr 29, 2026

CVE-2011-2667

Description

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.

Affected products

Broadcom Corporation/Total Defense
cpe:2.3:a:broadcom:total_defense:r12:*:*:*:*:*:*:*
Ca/Gateway Security
cpe:2.3:a:ca:gateway_security:8.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/45332nvdVendor Advisory
securityreason.com/securityalert/8316nvd
securitytracker.com/idnvd
securitytracker.com/idnvd
www.securityfocus.com/archive/1/518934/100/0/threadednvd
www.securityfocus.com/archive/1/518935/100/0/threadednvd
www.securityfocus.com/bid/48813nvd
www.zerodayinitiative.com/advisories/ZDI-11-237/nvd
exchange.xforce.ibmcloud.com/vulnerabilities/68736nvd
support.ca.com/irj/portal/anonymous/phpsupcontentnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.020
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000