Change Download Preference

Current Preference
Change Preference to:

Security Notice for CA Secure Content Manager HTTP Gateway Service

Issued: June 03, 2008

CA's customer support is alerting customers to security risks associated with CA Secure Content Manager. Multiple vulnerabilities exist in the HTTP Gateway service that can allow a remote attacker to cause a denial of service condition or execute arbitrary code. CA has issued a patch to address the vulnerabilities.

The vulnerabilities, CVE-2008-2541, occur due to insufficient bounds checking on certain FTP requests. An attacker can make a request that will cause the service to fail or allow the attacker to take privileged action on the system.

Risk Rating




Affected Products

CA Secure Content Manager r8

How to determine if the installation is affected


  1. Using a registry editor, determine if the following key exists:


  2. If the key does not exist, the installation is vulnerable


CA has issued the following patch to address the vulnerabilities.

CA Secure Content Manager r8:





CVE-2008-2541 - CA Secure Content Manager multiple FTP buffer overflows


CVE-2008-2541 - Sebastian Apelt working with ZDI/TippingPoint, Cody Pierce, TippingPoint DVLabs

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technical Support at

If you discover a vulnerability in CA products, please report your findings to our product security response team.