Vulnerability CVE-2005-3190
Published: 2005-10-13   Modified: 2012-02-12

Description:
Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability
EMendoza
15.10.2005

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
CA -> Igateway 

 References:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485
http://xforce.iss.net/xforce/xfdb/22560
http://www.securityfocus.com/bid/15025
http://www.osvdb.org/19920
http://securitytracker.com/id?1015045
http://securityreason.com/securityalert/86
http://secunia.com/advisories/17085
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html
Copyright 2024, cxsecurity.com

 

Back to Top