Detections
Analytics

CVE-2005-3653

critical

Description

Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24269

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778

http://www.vupen.com/english/advisories/2006/0311

http://www.securityfocus.com/bid/16354

http://www.securityfocus.com/archive/1/423403/100/0/threaded

http://www.securityfocus.com/archive/1/423288/100/0/threaded

http://www.osvdb.org/22688

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376

http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp

http://securitytracker.com/id?1015526

http://securityreason.com/securityalert/380

http://secunia.com/advisories/18591

http://marc.info/?l=full-disclosure&m=113803349715927&w=2

Details

Source: Mitre, NVD

Published: 2005-12-31

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical