Vulnerabilites related to broadcom - igateway
Vulnerability from fkie_nvd
Published
2005-10-13 22:02
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:igateway:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4F8E1B-D85A-42E4-83CE-4BBC365D17E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:igateway:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1120BAF3-910D-4928-80BB-25FB1F87B671",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests."
}
],
"id": "CVE-2005-3190",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-13T22:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17085"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/86"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015045"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/19920"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15025"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-200510-0155
Vulnerability from variot
Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests. Multiple Computer Associates products are susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the affected products to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. This issue exists in the iTechnology iGateway component that is included in multiple Computer Associates products. Versions 1.x, 2.x, and the current 4.x versions of the iGateway component are not affected by this issue. Version 3.0.040107 and earlier 3.x versions are affected. This issue is only exploitable if the non-default components are installed, the 'igateway.conf' configuration file has debugging enabled, and the service is then manually restarted. Computer Associates is the world's leading security vendor, products include a variety of antivirus software.
TITLE: CA iGateway Debug Mode HTTP GET Request Buffer Overflow
SECUNIA ADVISORY ID: SA17085
VERIFY ADVISORY: http://secunia.com/advisories/17085/
CRITICAL: Moderately critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: CA iGateway 4.x http://secunia.com/product/5821/ CA iGateway 3.x http://secunia.com/product/5820/
DESCRIPTION: Erika Mendoza has reported a vulnerability in CA iGateway, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error when parsing HTTP GET requests.
Successful exploitation requires that debug mode is enabled.
The vulnerability has been reported in version 3.0 and 4.0 released prior to 2005-06-23.
Note: Exploit code for this vulnerability is publicly available.
SOLUTION: The vendor recommends that iGateway should not be run in debug mode.
PROVIDED AND/OR DISCOVERED BY: Erika Mendoza
ORIGINAL ADVISORY: http://www3.ca.com/threatinfo/vulninfo/vuln.aspx?id=33485
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200510-0155",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "igateway",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "igateway",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "4.0"
},
{
"model": "igateway",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "3.0"
},
{
"model": "igateway",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "4.0"
},
{
"model": "associates unicenter web server management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter service matrix analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter service level management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter service fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter service fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter service desk knowledge tools",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter service delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter service catalog/fulfillment/accounting",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter mq management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter management for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter management for weblogic",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter exchange management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter autosys jm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter application server managment",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter application performance monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates harvest change manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates etrust web service security",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust integrated threat management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust identity minder",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust audit irecorders",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust audit irecorders sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.5"
},
{
"model": "associates etrust audit irecorders sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.5"
},
{
"model": "associates etrust audit aries",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust audit aries sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.5"
},
{
"model": "associates etrust audit aries sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.5"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates brightstor srm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor srm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor srm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.4"
},
{
"model": "associates brightstor srm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.3"
},
{
"model": "associates brightstor san manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor san manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor process automation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor arcserve backup for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "9.1"
},
{
"model": "associates arcserve backup for laptops and desktops",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for laptops and desktops",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates advantage data transformer",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
}
],
"sources": [
{
"db": "BID",
"id": "15025"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-074"
},
{
"db": "NVD",
"id": "CVE-2005-3190"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EMendoza erikam@gmail.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-074"
}
],
"trust": 0.6
},
"cve": "CVE-2005-3190",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2005-3190",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-14399",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-3190",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200510-074",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-14399",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14399"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-074"
},
{
"db": "NVD",
"id": "CVE-2005-3190"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests. Multiple Computer Associates products are susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the affected products to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. \nThis issue exists in the iTechnology iGateway component that is included in multiple Computer Associates products. \nVersions 1.x, 2.x, and the current 4.x versions of the iGateway component are not affected by this issue. Version 3.0.040107 and earlier 3.x versions are affected. This issue is only exploitable if the non-default components are installed, the \u0027igateway.conf\u0027 configuration file has debugging enabled, and the service is then manually restarted. Computer Associates is the world\u0027s leading security vendor, products include a variety of antivirus software. \n\nTITLE:\nCA iGateway Debug Mode HTTP GET Request Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA17085\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17085/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nCA iGateway 4.x\nhttp://secunia.com/product/5821/\nCA iGateway 3.x\nhttp://secunia.com/product/5820/\n\nDESCRIPTION:\nErika Mendoza has reported a vulnerability in CA iGateway, which can\nbe exploited by malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error when parsing HTTP\nGET requests. \n\nSuccessful exploitation requires that debug mode is enabled. \n\nThe vulnerability has been reported in version 3.0 and 4.0 released\nprior to 2005-06-23. \n\nNote: Exploit code for this vulnerability is publicly available. \n\nSOLUTION:\nThe vendor recommends that iGateway should not be run in debug mode. \n\nPROVIDED AND/OR DISCOVERED BY:\nErika Mendoza\n\nORIGINAL ADVISORY:\nhttp://www3.ca.com/threatinfo/vulninfo/vuln.aspx?id=33485\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3190"
},
{
"db": "BID",
"id": "15025"
},
{
"db": "VULHUB",
"id": "VHN-14399"
},
{
"db": "PACKETSTORM",
"id": "40602"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-14399",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14399"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "15025",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "17085",
"trust": 1.8
},
{
"db": "SREASON",
"id": "86",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015045",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "19920",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2005-3190",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200510-074",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-71303",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "1243",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16801",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-14399",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "40602",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14399"
},
{
"db": "BID",
"id": "15025"
},
{
"db": "PACKETSTORM",
"id": "40602"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-074"
},
{
"db": "NVD",
"id": "CVE-2005-3190"
}
]
},
"id": "VAR-200510-0155",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14399"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:49:54.285000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3190"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15025"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/19920"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015045"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17085"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/86"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
},
{
"trust": 0.3,
"url": "http://www.ca.com/"
},
{
"trust": 0.3,
"url": "/archive/1/413408"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17085/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www3.ca.com/threatinfo/vulninfo/vuln.aspx?id=33485"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5821/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5820/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14399"
},
{
"db": "BID",
"id": "15025"
},
{
"db": "PACKETSTORM",
"id": "40602"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-074"
},
{
"db": "NVD",
"id": "CVE-2005-3190"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-14399"
},
{
"db": "BID",
"id": "15025"
},
{
"db": "PACKETSTORM",
"id": "40602"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-074"
},
{
"db": "NVD",
"id": "CVE-2005-3190"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-14399"
},
{
"date": "2005-10-06T00:00:00",
"db": "BID",
"id": "15025"
},
{
"date": "2005-10-11T23:51:24",
"db": "PACKETSTORM",
"id": "40602"
},
{
"date": "2005-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200510-074"
},
{
"date": "2005-10-13T22:02:00",
"db": "NVD",
"id": "CVE-2005-3190"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-14399"
},
{
"date": "2005-10-06T00:00:00",
"db": "BID",
"id": "15025"
},
{
"date": "2021-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200510-074"
},
{
"date": "2024-11-21T00:01:18.933000",
"db": "NVD",
"id": "CVE-2005-3190"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-074"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Computer Associates Multiple products HTTP Request remote overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-074"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-074"
}
],
"trust": 0.6
}
}
CVE-2005-3190 (GCVE-0-2005-3190)
Vulnerability from cvelistv5
Published
2005-10-13 04:00
Modified
2024-08-07 23:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/15025 | vdb-entry, x_refsource_BID | |
| http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/17085 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/19920 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22560 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1015045 | vdb-entry, x_refsource_SECTRACK | |
| http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html | mailing-list, x_refsource_FULLDISC | |
| http://securityreason.com/securityalert/86 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15025"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
},
{
"name": "17085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17085"
},
{
"name": "19920",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19920"
},
{
"name": "20051014 CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
},
{
"name": "brightstor-igateway-http-get-bo(22560)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
},
{
"name": "1015045",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015045"
},
{
"name": "20051019 RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
},
{
"name": "86",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/86"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15025"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
},
{
"name": "17085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17085"
},
{
"name": "19920",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19920"
},
{
"name": "20051014 CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
},
{
"name": "brightstor-igateway-http-get-bo(22560)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
},
{
"name": "1015045",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015045"
},
{
"name": "20051019 RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
},
{
"name": "86",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/86"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15025"
},
{
"name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485",
"refsource": "CONFIRM",
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
},
{
"name": "17085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17085"
},
{
"name": "19920",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19920"
},
{
"name": "20051014 CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
},
{
"name": "brightstor-igateway-http-get-bo(22560)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
},
{
"name": "1015045",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015045"
},
{
"name": "20051019 RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
},
{
"name": "86",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/86"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3190",
"datePublished": "2005-10-13T04:00:00",
"dateReserved": "2005-10-13T00:00:00",
"dateUpdated": "2024-08-07T23:01:58.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}