Change Download Preference

Current Preference
Change Preference to:

CA20110208-01: Security Advisory for CA Secure Content Manager, Gateway Security

Issued: February 08, 2011
Last Updated: July 25, 2011

CA Technologies support is alerting customers to a security risk with CA Secure Content Manager. A vulnerability exists that can allow a remote attacker to execute arbitrary code.

The vulnerability, CVE-2011-0758, is due to insufficient bounds checking by the eCS component included with Secure Content Manager and Gateway Security. A remote attacker can make a request that will cause a heap overflow, which could possibly result in privileged code execution.

Patches are currently not available. CA support is working towards a resolution. Monitor this notice and the CA Secure Content Manager / Gateway Security product homepage for updates.

Risk Rating




Affected Products

CA Secure Content Manager 8.0
CA Gateway Security 8.1
CA Gateway Security 9.0


CVE-2011-0758 - Secure Content Manager eCS heap overflow


CVE-2011-0758 - Sebastian Apelt through the TippingPoint ZDI

Change History

Version 1.0: Initial Release
Version 1.1: Added Ca Gateway Security 9.0 to the Affected Products list

If additional information is required, please contact CA Technologies Support at

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team