Vulnerability Monitor

CVE-2005-3653


Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.


Published

2005-12-31T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | broadcom | brightstor_arcserve_backup | 9.01 | Yes |
| Application | broadcom | brightstor_arcserve_backup | 11.1 | Yes |
| Application | broadcom | brightstor_arcserve_backup | 11.5 | Yes |
| Application | broadcom | brightstor_arcserve_backup_laptops_desktops | 11.0 | Yes |
| Application | broadcom | brightstor_arcserve_backup_laptops_desktops | 11.1 | Yes |
| Application | broadcom | brightstor_portal | 11.1 | Yes |
| Application | broadcom | brightstor_process_automation_manager | 11.1 | Yes |
| Application | broadcom | brightstor_san_manager | 11.1 | Yes |
| Application | broadcom | brightstor_san_manager | 11.5 | Yes |
| Application | broadcom | brightstor_storage_resource_manager | 6.3 | Yes |
| Application | broadcom | brightstor_storage_resource_manager | 6.4 | Yes |
| Application | broadcom | brightstor_storage_resource_manager | 11.1 | Yes |
| Application | broadcom | brightstor_storage_resource_manager | 11.5 | Yes |
| Application | broadcom | etrust_admin | 8.1 | Yes |
| Application | broadcom | etrust_audit_aries | 8.0 | Yes |
| Application | broadcom | etrust_audit_irecorder | 1.5 | Yes |
| Application | broadcom | etrust_audit_irecorder | 1.5 | Yes |
| Application | broadcom | etrust_audit_irecorder | 8.0 | Yes |
| Application | broadcom | etrust_identity_minder | 8.0 | Yes |
| Application | broadcom | etrust_integrated_threat_management | 8.0 | Yes |
| Application | broadcom | itechnology_igateway | ≤ 4.0.050615 | Yes |
| Application | broadcom | unicenter_asset_portfolio_management | 11.0 | Yes |
| Application | broadcom | unicenter_autosys_jm | 11.0 | Yes |
| Application | broadcom | unicenter_service_delivery | 11.0 | Yes |
| Application | broadcom | unicenter_service_desk | 11.0 | Yes |
| Application | broadcom | unicenter_service_desk_knowledge_tools | 11.0 | Yes |
| Application | broadcom | unicenter_service_fulfillment | 2.2 | Yes |
| Application | broadcom | unicenter_service_metric_analysis | 11.0 | Yes |
| Application | ca | brightstor_arcserve_backup | 11 | Yes |
| Application | ca | brightstor_enterprise_backup | 10.0 | Yes |
| Application | ca | brightstor_enterprise_backup | 10.5 | Yes |
| Application | ca | brightstor_enterprise_backup | 10.5 | Yes |
| Application | ca | brightstor_enterprise_backup | 10.5 | Yes |
| Application | ca | etrust_audit_aries | 1.5 | Yes |
| Application | ca | etrust_audit_aries | 1.5 | Yes |
| Application | ca | etrust_directory | 8.1_web_components | Yes |
| Application | ca | etrust_secure_content_manager | 8.0 | Yes |
| Application | ca | unicenter_application_performance_monitor | 11.0 | Yes |
| Application | ca | unicenter_application_server_managment | 11.0 | Yes |
| Application | ca | unicenter_ca_web_services_distributed_management | 11.0 | Yes |
| Application | ca | unicenter_exchange_management_console | 11.0 | Yes |
| Application | ca | unicenter_management | 3.5 | Yes |
| Application | ca | unicenter_management | 11.0 | Yes |
| Application | ca | unicenter_management | 11.0 | Yes |
| Application | ca | unicenter_service_catalog_fulfillment_accounting | 11.0 | Yes |
| Application | ca | unicenter_service_fulfillment | 11.0 | Yes |
| Application | ca | unicenter_service_level_management | 11.0 | Yes |
| Application | ca | unicenter_web_server_management | 11.0 | Yes |
| Application | ca | unicenter_web_services_distributed_management | 11.0 | Yes |

References