Detections
Analytics
CA iTechnology iGateway Service Content-Length Buffer Overflow
critical Nessus Plugin ID 20805
Language:
Synopsis
The remote web server is affected by a buffer overflow vulnerability.Description
The remote host is using CA iTechnology iGateway service, a software component used in various products from CA.The version of the iGateway service installed on the remote host reportedly fails to sanitize Content-Length HTTP header values before using them to allocate heap memory. An attacker can supply a negative value, which causes the software to allocate a small buffer, and then overflow that with a long URI. Successful exploitation of this issue can lead to a server crash or possibly the execution of arbitrary code. Note that, under Windows, the server runs with local SYSTEM privileges.
Solution
Contact the vendor to upgrade to iGateway 4.0.051230 or later.See Also
http://www.nessus.org/u?059ed5ba
http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp
Plugin Details
Severity: Critical
ID: 20805
File Name: igateway_content_length_overflow.nasl
Version: 1.19
Type: remote
Agent: windows
Family: Windows
Published: 1/24/2006
Updated: 6/3/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Publication Date: 1/23/2006
Vulnerability Publication Date: 1/23/2006
Reference Information
CVE: CVE-2005-3653
BID: 16354
IAVA: 2006-A-0008-S