Podatność CVE-2005-3653
Publikacja: 2005-12-31   Modyfikacja: 2012-02-12

Opis:
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]
Erika Mendoza
28.01.2006

Typ:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
10/10
10/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
CA -> Unicenter application performance monitor 
CA -> Brightstor arcserve backup 
CA -> Unicenter application server managment 
CA -> Brightstor arcserve backup laptops desktops 
CA -> Unicenter asset portfolio management 
CA -> Brightstor enterprise backup 
CA -> Unicenter autosys jm 
CA -> Brightstor portal 
CA -> Unicenter ca web services distributed management 
CA -> Brightstor process automation manager 
CA -> Unicenter exchange management console 
CA -> Brightstor san manager 
CA -> Unicenter management 
CA -> Brightstor storage resource manager 
CA -> Unicenter service catalog fulfillment accounting 
CA -> Etrust admin 
CA -> Unicenter service delivery 
CA -> Etrust audit aries 
CA -> Unicenter service desk 
CA -> Etrust audit irecorder 
CA -> Unicenter service desk knowledge tools 
CA -> Etrust directory 
CA -> Unicenter service fulfillment 
CA -> Etrust identity minder 
CA -> Unicenter service level management 
CA -> Etrust integrated threat management 
CA -> Unicenter service metric analysis 
CA -> Etrust secure content manager 
CA -> Unicenter web server management 
CA -> Itechnology igateway 
CA -> Unicenter web services distributed management 

 Referencje:
http://marc.info/?l=full-disclosure&m=113803349715927&w=2
http://securityreason.com/securityalert/380
http://securitytracker.com/id?1015526
http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376
http://www.securityfocus.com/archive/1/423288/100/0/threaded
http://www.securityfocus.com/archive/1/423403/100/0/threaded
http://www.securityfocus.com/bid/16354
http://www.vupen.com/english/advisories/2006/0311
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
https://exchange.xforce.ibmcloud.com/vulnerabilities/24269
Copyright 2024, cxsecurity.com

 

Back to Top