cvelistv5 - cve-2005-3190

CVE-2005-3190 (GCVE-0-2005-3190)

Vulnerability from cvelistv5

Published

2005-10-13 04:00

Modified

2024-08-07 23:01

Severity ?

CWE

Summary

Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.

References

URL

Tags

cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html
cve@mitre.org	http://secunia.com/advisories/17085
cve@mitre.org	http://securityreason.com/securityalert/86
cve@mitre.org	http://securitytracker.com/id?1015045
cve@mitre.org	http://www.osvdb.org/19920
cve@mitre.org	http://www.securityfocus.com/bid/15025
cve@mitre.org	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/22560
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17085
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/86
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015045
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/19920
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15025
af854a3a-2127-422b-91ae-364da2661108	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/22560

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:01:58.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "15025",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15025"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
          },
          {
            "name": "17085",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17085"
          },
          {
            "name": "19920",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/19920"
          },
          {
            "name": "20051014 CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
          },
          {
            "name": "brightstor-igateway-http-get-bo(22560)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
          },
          {
            "name": "1015045",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015045"
          },
          {
            "name": "20051019 RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
          },
          {
            "name": "86",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/86"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "15025",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15025"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
        },
        {
          "name": "17085",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17085"
        },
        {
          "name": "19920",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/19920"
        },
        {
          "name": "20051014 CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
        },
        {
          "name": "brightstor-igateway-http-get-bo(22560)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
        },
        {
          "name": "1015045",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015045"
        },
        {
          "name": "20051019 RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
        },
        {
          "name": "86",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/86"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15025",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15025"
            },
            {
              "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485",
              "refsource": "CONFIRM",
              "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
            },
            {
              "name": "17085",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17085"
            },
            {
              "name": "19920",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/19920"
            },
            {
              "name": "20051014 CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
            },
            {
              "name": "brightstor-igateway-http-get-bo(22560)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
            },
            {
              "name": "1015045",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015045"
            },
            {
              "name": "20051019 RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
            },
            {
              "name": "86",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/86"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3190",
    "datePublished": "2005-10-13T04:00:00",
    "dateReserved": "2005-10-13T00:00:00",
    "dateUpdated": "2024-08-07T23:01:58.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-3190\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-10-13T22:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:igateway:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE4F8E1B-D85A-42E4-83CE-4BBC365D17E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:igateway:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1120BAF3-910D-4928-80BB-25FB1F87B671\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/17085\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/86\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015045\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/19920\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/15025\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/22560\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/17085\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/86\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/19920\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/15025\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/22560\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

fkie_cve-2005-3190

Vulnerability from fkie_nvd

Published

2005-10-13 22:02

Modified

2025-04-03 01:03

Severity ?

Summary

Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html
cve@mitre.org	http://secunia.com/advisories/17085
cve@mitre.org	http://securityreason.com/securityalert/86
cve@mitre.org	http://securitytracker.com/id?1015045
cve@mitre.org	http://www.osvdb.org/19920
cve@mitre.org	http://www.securityfocus.com/bid/15025
cve@mitre.org	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/22560
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17085
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/86
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015045
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/19920
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15025
af854a3a-2127-422b-91ae-364da2661108	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/22560

Impacted products

	Vendor	Product	Version
	broadcom	igateway	3.0
	broadcom	igateway	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:igateway:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4F8E1B-D85A-42E4-83CE-4BBC365D17E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:igateway:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1120BAF3-910D-4928-80BB-25FB1F87B671",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests."
    }
  ],
  "id": "CVE-2005-3190",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-10-13T22:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17085"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/86"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015045"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/19920"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15025"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17085"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/86"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/19920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2005-3190

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.

Aliases

CVE-2005-3190

Aliases

CVE-2005-3190

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-3190",
    "description": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.",
    "id": "GSD-2005-3190"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-3190"
      ],
      "details": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.",
      "id": "GSD-2005-3190",
      "modified": "2023-12-13T01:20:13.078910Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-3190",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "15025",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/15025"
          },
          {
            "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485",
            "refsource": "CONFIRM",
            "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
          },
          {
            "name": "17085",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/17085"
          },
          {
            "name": "19920",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/19920"
          },
          {
            "name": "20051014 CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
          },
          {
            "name": "brightstor-igateway-http-get-bo(22560)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
          },
          {
            "name": "1015045",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015045"
          },
          {
            "name": "20051019 RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
          },
          {
            "name": "86",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/86"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:igateway:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:igateway:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3190"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
            },
            {
              "name": "1015045",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015045"
            },
            {
              "name": "15025",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/15025"
            },
            {
              "name": "17085",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/17085"
            },
            {
              "name": "20051014 CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
            },
            {
              "name": "20051019 RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
            },
            {
              "name": "19920",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/19920"
            },
            {
              "name": "86",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/86"
            },
            {
              "name": "brightstor-igateway-http-get-bo(22560)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-04-09T16:56Z",
      "publishedDate": "2005-10-13T22:02Z"
    }
  }
}

ghsa-w299-36vw-9mfq

Vulnerability from github

Published

2022-05-01 02:15

Modified

2022-05-01 02:15

Details

Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-3190"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-10-13T22:02:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.",
  "id": "GHSA-w299-36vw-9mfq",
  "modified": "2022-05-01T02:15:22Z",
  "published": "2022-05-01T02:15:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3190"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17085"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/86"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015045"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/19920"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/15025"
    },
    {
      "type": "WEB",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests. Multiple Computer Associates products are susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the affected products to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. This issue exists in the iTechnology iGateway component that is included in multiple Computer Associates products. Versions 1.x, 2.x, and the current 4.x versions of the iGateway component are not affected by this issue. Version 3.0.040107 and earlier 3.x versions are affected. This issue is only exploitable if the non-default components are installed, the 'igateway.conf' configuration file has debugging enabled, and the service is then manually restarted. Computer Associates is the world's leading security vendor, products include a variety of antivirus software.

TITLE: CA iGateway Debug Mode HTTP GET Request Buffer Overflow

SECUNIA ADVISORY ID: SA17085

VERIFY ADVISORY: http://secunia.com/advisories/17085/

CRITICAL: Moderately critical

IMPACT: System access

WHERE:

From remote

SOFTWARE: CA iGateway 4.x http://secunia.com/product/5821/ CA iGateway 3.x http://secunia.com/product/5820/

DESCRIPTION: Erika Mendoza has reported a vulnerability in CA iGateway, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error when parsing HTTP GET requests.

Successful exploitation requires that debug mode is enabled.

The vulnerability has been reported in version 3.0 and 4.0 released prior to 2005-06-23.

Note: Exploit code for this vulnerability is publicly available.

SOLUTION: The vendor recommends that iGateway should not be run in debug mode.

PROVIDED AND/OR DISCOVERED BY: Erika Mendoza

ORIGINAL ADVISORY: http://www3.ca.com/threatinfo/vulninfo/vuln.aspx?id=33485

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200510-0155",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "igateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.0"
      },
      {
        "model": "igateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "4.0"
      },
      {
        "model": "igateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "3.0"
      },
      {
        "model": "igateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "4.0"
      },
      {
        "model": "associates unicenter web server management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter service matrix analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter service level management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter service fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter service fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates unicenter service desk knowledge tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter service delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter service catalog/fulfillment/accounting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter mq management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter management for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter management for weblogic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter exchange management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter autosys jm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter application server managment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter application performance monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates harvest change manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.1"
      },
      {
        "model": "associates etrust web service security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates etrust integrated threat management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates etrust identity minder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates etrust audit irecorders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates etrust audit irecorders sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "model": "associates etrust audit irecorders sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "model": "associates etrust audit aries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates etrust audit aries sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "model": "associates etrust audit aries sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "model": "associates etrust admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates etrust admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.4"
      },
      {
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.3"
      },
      {
        "model": "associates brightstor san manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates brightstor san manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates brightstor process automation manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates brightstor portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates brightstor enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "model": "associates brightstor arcserve backup for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "9.1"
      },
      {
        "model": "associates arcserve backup for laptops and desktops",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for laptops and desktops",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates advantage data transformer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "15025"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-074"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3190"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "EMendoza  erikam@gmail.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-074"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-3190",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2005-3190",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-14399",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2005-3190",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200510-074",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-14399",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14399"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-074"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3190"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests. Multiple Computer Associates products are susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the affected products to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. \nThis issue exists in the iTechnology iGateway component that is included in multiple Computer Associates products. \nVersions 1.x, 2.x, and the current 4.x versions of the iGateway component are not affected by this issue. Version 3.0.040107 and earlier 3.x versions are affected. This issue is only exploitable if the non-default components are installed, the \u0027igateway.conf\u0027 configuration file has debugging enabled, and the service is then manually restarted. Computer Associates is the world\u0027s leading security vendor, products include a variety of antivirus software. \n\nTITLE:\nCA iGateway Debug Mode HTTP GET Request Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA17085\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17085/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nCA iGateway 4.x\nhttp://secunia.com/product/5821/\nCA iGateway 3.x\nhttp://secunia.com/product/5820/\n\nDESCRIPTION:\nErika Mendoza has reported a vulnerability in CA iGateway, which can\nbe exploited by malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error when parsing HTTP\nGET requests. \n\nSuccessful exploitation requires that debug mode is enabled. \n\nThe vulnerability has been reported in version 3.0 and 4.0 released\nprior to 2005-06-23. \n\nNote: Exploit code for this vulnerability is publicly available. \n\nSOLUTION:\nThe vendor recommends that iGateway should not be run in debug mode. \n\nPROVIDED AND/OR DISCOVERED BY:\nErika Mendoza\n\nORIGINAL ADVISORY:\nhttp://www3.ca.com/threatinfo/vulninfo/vuln.aspx?id=33485\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3190"
      },
      {
        "db": "BID",
        "id": "15025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14399"
      },
      {
        "db": "PACKETSTORM",
        "id": "40602"
      }
    ],
    "trust": 1.35
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-14399",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14399"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "15025",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "17085",
        "trust": 1.8
      },
      {
        "db": "SREASON",
        "id": "86",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1015045",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "19920",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3190",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-074",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-71303",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "1243",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16801",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-14399",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "40602",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14399"
      },
      {
        "db": "BID",
        "id": "15025"
      },
      {
        "db": "PACKETSTORM",
        "id": "40602"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-074"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3190"
      }
    ]
  },
  "id": "VAR-200510-0155",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14399"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:49:54.285000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3190"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/15025"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/19920"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1015045"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/17085"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/86"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560"
      },
      {
        "trust": 0.3,
        "url": "http://www.ca.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/413408"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/17085/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www3.ca.com/threatinfo/vulninfo/vuln.aspx?id=33485"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5821/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5820/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14399"
      },
      {
        "db": "BID",
        "id": "15025"
      },
      {
        "db": "PACKETSTORM",
        "id": "40602"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-074"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3190"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-14399"
      },
      {
        "db": "BID",
        "id": "15025"
      },
      {
        "db": "PACKETSTORM",
        "id": "40602"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-074"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3190"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-10-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14399"
      },
      {
        "date": "2005-10-06T00:00:00",
        "db": "BID",
        "id": "15025"
      },
      {
        "date": "2005-10-11T23:51:24",
        "db": "PACKETSTORM",
        "id": "40602"
      },
      {
        "date": "2005-10-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200510-074"
      },
      {
        "date": "2005-10-13T22:02:00",
        "db": "NVD",
        "id": "CVE-2005-3190"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14399"
      },
      {
        "date": "2005-10-06T00:00:00",
        "db": "BID",
        "id": "15025"
      },
      {
        "date": "2021-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200510-074"
      },
      {
        "date": "2024-11-21T00:01:18.933000",
        "db": "NVD",
        "id": "CVE-2005-3190"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-074"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Computer Associates Multiple products HTTP Request remote overflow vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-074"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-074"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2005-3190 (GCVE-0-2005-3190)

Vulnerability from cvelistv5

fkie_cve-2005-3190

Vulnerability from fkie_nvd

gsd-2005-3190

Vulnerability from gsd

ghsa-w299-36vw-9mfq

Vulnerability from github

var-200510-0155

Vulnerability from variot

Tags

Sightings

Nomenclature