Vulnerability-Lookup

CVE-2005-3653 (GCVE-0-2005-3653)

Vulnerability from cvelistv5 – Published: 2006-01-23 20:00 – Updated: 2024-08-07 23:17

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GHSA-PQWM-V5FQ-X4GM

Vulnerability from github – Published: 2022-05-01 02:19 – Updated: 2022-05-01 02:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-3653"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-12-31T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.",
  "id": "GHSA-pqwm-v5fq-x4gm",
  "modified": "2022-05-01T02:19:46Z",
  "published": "2022-05-01T02:19:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3653"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18591"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/380"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015526"
    },
    {
      "type": "WEB",
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
    },
    {
      "type": "WEB",
      "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/22688"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/16354"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0311"
    },
    {
      "type": "WEB",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2006-AVI-046

Vulnerability from certfr_avis - Published: 2006-01-26 - Updated: 2006-01-26

None

Description

Une vulnérabilité a été découverte dans plusieurs produits de la société Computer Associate. Cette vulnérabilité, de type débordement de mémoire et présente dans le module iGateway, peut être exploitée par un utilisateur mal intentionné afin de réaliser un déni de service et/ou exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	BrightStor ARCserve Backup v9.01 ;
N/A	N/A	Unicenter Service Delivery R11 ;
N/A	N/A	BrightStor ARCserve Backup Laptop & Desktop r11.1 ;
N/A	N/A	eTrust Secure Content Manager (SCM) R8 ;
Centreon	Web	Unicenter Web Server Management R11 ;
N/A	N/A	BrightStor Storage Resource Manager r11.1 ;
N/A	N/A	Unicenter Application Performance Monitor R11 ;
N/A	N/A	eTrust Directory R8.1 ;
Liferay	N/A	Unicenter Service Catalog/Fulfillment/Accounting R11 ;
N/A	N/A	eTrust Audit 8.0 (iRecorders et ARIES) ;
Symfony	process	BrightStor Process Automation Manager r11.1 ;
Liferay	N/A	Unicenter AutoSys JM R11 ;
N/A	N/A	BrightStor ARCserve Backup Laptop & Desktop r11 ;
N/A	N/A	Unicenter MQ Management R11 ;
N/A	N/A	eTrust Integrated Threat Management (ITM) R8 ;
Microsoft	Windows	BrightStor ARCserve Backup for Windows r11 ;
N/A	N/A	BrightStor Storage Resource Manager 6.4 ;
Matrix	N/A	Unicenter Service Matrix Analysis R11 ;
N/A	N/A	Unicenter Management for WebLogic / Management for WebSphere R11 ;
N/A	N/A	eTrust Identity Minder 8.0 ;
Liferay	Portal	BrightStor Portal 11.1 ;
N/A	N/A	eTrust Admin 8.1 ;
N/A	N/A	Unicenter Exchange Management R11.
N/A	N/A	Unicenter Service Fulfillment R11 ;
N/A	N/A	BrightStor Enterprise Backup 10.5 ;
N/A	N/A	Unicenter Service Level Management (USLM) R11 ;
N/A	N/A	Unicenter Service Desk R11 ;
N/A	N/A	iGateway versions antérieures à la version 4.0.051230 ;
N/A	N/A	BrightStor Storage Resource Manager 6.3 ;
N/A	N/A	BrightStor SAN Manager r11.5 ;
Liferay	N/A	Unicenter Service Desk Knowledge Tools R11 ;
N/A	N/A	BrightStor ARCserve Backup r11.5 ;
N/A	N/A	Advantage Data Transformer (ADT) R2.2 ;
Centreon	Web	Unicenter CA Web Services Distributed Management R11 ;
Liferay	N/A	Unicenter Asset Portfolio Management R11 ;
Liferay	N/A	Unicenter Service Fulfillment 2.2 ;
N/A	N/A	eTrust Audit 1.5 SP2 (iRecorders et ARIES) ;
N/A	N/A	BrightStor Storage Resource Manager r11.5 ;
N/A	N/A	Unicenter Application Server Managment R11 ;
N/A	N/A	BrightStor ARCserve Backup r11.1 ;
N/A	N/A	BrightStor SAN Manager r11.1 ;
N/A	N/A	eTrust Audit 1.5 SP3 (iRecorders et ARIES) ;

References

Title

Publication Time

FKIE_CVE-2005-3653

Vulnerability from fkie_nvd - Published: 2005-12-31 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://marc.info/?l=full-disclosure&m=113803349715927&w=2
cve@mitre.org	http://secunia.com/advisories/18591	Patch, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/380
cve@mitre.org	http://securitytracker.com/id?1015526	Patch
cve@mitre.org	http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp	Patch, Vendor Advisory
cve@mitre.org	http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/22688	Patch
cve@mitre.org	http://www.securityfocus.com/archive/1/423288/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/423403/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/16354	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/0311	Vendor Advisory
cve@mitre.org	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/24269
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=full-disclosure&m=113803349715927&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18591	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/380
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015526	Patch
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/22688	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/423288/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/423403/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16354	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/0311	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/24269

Impacted products

Vendor	Product	Version
broadcom	brightstor_arcserve_backup	9.01
broadcom	brightstor_arcserve_backup	11.1
broadcom	brightstor_arcserve_backup	11.5
broadcom	brightstor_arcserve_backup_laptops_desktops	11.0
broadcom	brightstor_arcserve_backup_laptops_desktops	11.1
broadcom	brightstor_portal	11.1
broadcom	brightstor_process_automation_manager	11.1
broadcom	brightstor_san_manager	11.1
broadcom	brightstor_san_manager	11.5
broadcom	brightstor_storage_resource_manager	6.3
broadcom	brightstor_storage_resource_manager	6.4
broadcom	brightstor_storage_resource_manager	11.1
broadcom	brightstor_storage_resource_manager	11.5
broadcom	etrust_admin	8.1
broadcom	etrust_audit_aries	8.0
broadcom	etrust_audit_irecorder	1.5
broadcom	etrust_audit_irecorder	1.5
broadcom	etrust_audit_irecorder	8.0
broadcom	etrust_identity_minder	8.0
broadcom	etrust_integrated_threat_management	8.0
broadcom	itechnology_igateway	*
broadcom	unicenter_asset_portfolio_management	11.0
broadcom	unicenter_autosys_jm	11.0
broadcom	unicenter_service_delivery	11.0
broadcom	unicenter_service_desk	11.0
broadcom	unicenter_service_desk_knowledge_tools	11.0
broadcom	unicenter_service_fulfillment	2.2
broadcom	unicenter_service_metric_analysis	11.0
ca	brightstor_arcserve_backup	11
ca	brightstor_enterprise_backup	10.0
ca	brightstor_enterprise_backup	10.5
ca	brightstor_enterprise_backup	10.5
ca	brightstor_enterprise_backup	10.5
ca	etrust_audit_aries	1.5
ca	etrust_audit_aries	1.5
ca	etrust_directory	8.1_web_components
ca	etrust_secure_content_manager	8.0
ca	unicenter_application_performance_monitor	11.0
ca	unicenter_application_server_managment	11.0
ca	unicenter_ca_web_services_distributed_management	11.0
ca	unicenter_exchange_management_console	11.0
ca	unicenter_management	3.5
ca	unicenter_management	11.0
ca	unicenter_management	11.0
ca	unicenter_service_catalog_fulfillment_accounting	11.0
ca	unicenter_service_fulfillment	11.0
ca	unicenter_service_level_management	11.0
ca	unicenter_web_server_management	11.0
ca	unicenter_web_services_distributed_management	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB993B2-9A44-40E2-AA05-0CAD04BDC26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7461AE5-2067-4964-93B7-560CD02CEAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_portal:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F206D15-FF0D-400E-9727-5DA6C07B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_process_automation_manager:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD04989D-D045-4693-87DA-16754D9BF644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_san_manager:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA67A49C-688A-4B6E-8B90-BEC937FCEE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_san_manager:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD847AD-8AD1-40C1-9582-CC234D900CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D35A8A-BB31-4FC6-8031-D93FE7347A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7384B78-1F35-4DB4-A128-EBE33FD70C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3F5A1F3-EEE3-4187-9F44-545EB21EF121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "152FDE32-0525-4F1E-9BD5-A3EB47644B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08594EFB-E04B-42E8-BE00-C3ACDB62BA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_audit_aries:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBBF77AF-542C-49E8-8F5A-1C0DB73F2DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_audit_irecorder:1.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "6829D317-1AB6-471B-9CE4-563C4FFB290D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_audit_irecorder:1.5:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "571D4793-63EE-4A9D-991B-0F92842BDF58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_audit_irecorder:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F182A43-4999-441D-9B37-093E033BAADC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_identity_minder:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DF2F1AC-CF62-47CE-96B3-08CE412A7D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_integrated_threat_management:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "045F1ADA-E9D1-4C8B-9275-040939E73A6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:itechnology_igateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA60254A-F0BE-4E53-9D04-C3F4D80E662D",
              "versionEndIncluding": "4.0.050615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_asset_portfolio_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3358719-780A-41E1-A09A-7C27C921D6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_autosys_jm:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "388A5565-442B-441C-B727-586B23FE8540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_delivery:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "137A1E55-CDF0-49FF-9A63-5FB44BA9FC40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_desk:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2247ED3-2CF1-49A5-9456-F51164A1D220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_desk_knowledge_tools:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3046725F-B0C5-4625-AE5D-8B6C7DC9A085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_fulfillment:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF7FADA4-429F-4658-A47C-DCB13D6ED903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_metric_analysis:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "607CA384-B71B-460F-ACCF-ACCBC9C17FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
              "matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.0:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "15862D0F-90C0-46A3-8457-B1FD8877CC74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "196FFF4A-1976-477B-927F-82A3CBECA530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:tru64:*:*:*:*:*",
              "matchCriteriaId": "5DC10E01-4694-4699-9C8D-328627F515D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:windows_64-bit:*:*:*:*:*",
              "matchCriteriaId": "2C3C45FE-C057-4DF2-8D68-892C9DD47ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:etrust_audit_aries:1.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "473DC00E-B779-4CB4-A165-DE2954F225C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:etrust_audit_aries:1.5:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A7A0ED34-94B3-447E-8CF2-8439FAF05894",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:etrust_directory:8.1_web_components:*:*:*:*:*:*:*",
              "matchCriteriaId": "F148F27B-50D6-4C29-BC9D-1E11B783808D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_application_performance_monitor:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96C5D628-2CBB-4ED1-B7C1-C2ABE6A8E2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_application_server_managment:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54A75987-8E51-4D25-965D-343E8F07BC25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_ca_web_services_distributed_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48726411-E052-4F4A-9EAC-7616059E3599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_exchange_management_console:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1ADE61A-3096-4079-B586-00B977B5E523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_management:3.5:*:websphere_mq:*:*:*:*:*",
              "matchCriteriaId": "0FE2A55B-A89D-470E-8E9E-4B1B0FB1C4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_management:11.0:*:weblogic:*:*:*:*:*",
              "matchCriteriaId": "07E5BAC2-FF02-4ADC-9939-AE93B60E53E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_management:11.0:*:websphere:*:*:*:*:*",
              "matchCriteriaId": "DBB1EA1F-57BA-4850-B5C2-6900A1DE80CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_service_catalog_fulfillment_accounting:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8045AE85-40C1-4122-B073-8579E84B88D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_service_fulfillment:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8DB1604-AFCB-4D37-9665-9725119570F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_service_level_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF170A77-7B4D-4B0F-BA7C-05773E03DFE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_web_server_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11364903-CA67-499C-9BE8-36B01FD7E7A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_web_services_distributed_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DFAC82-1835-49EE-AE88-BFFFD2D6C2B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field."
    }
  ],
  "id": "CVE-2005-3653",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18591"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/380"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015526"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/22688"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16354"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0311"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015526"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/22688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2005-3653

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2005-3653

Aliases

CVE-2005-3653

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-3653",
    "description": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.",
    "id": "GSD-2005-3653"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-3653"
      ],
      "details": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.",
      "id": "GSD-2005-3653",
      "modified": "2023-12-13T01:20:12.374420Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-3653",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1015526",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015526"
          },
          {
            "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
          },
          {
            "name": "22688",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/22688"
          },
          {
            "name": "18591",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18591"
          },
          {
            "name": "16354",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/16354"
          },
          {
            "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778",
            "refsource": "CONFIRM",
            "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
          },
          {
            "name": "380",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/380"
          },
          {
            "name": "ca-igateway-contentlength-bo(24269)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
          },
          {
            "name": "ADV-2006-0311",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/0311"
          },
          {
            "name": "20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
          },
          {
            "name": "20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow",
            "refsource": "IDEFENSE",
            "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
          },
          {
            "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
          },
          {
            "name": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp",
            "refsource": "CONFIRM",
            "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:windows_64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_portal:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:etrust_directory:8.1_web_components:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_identity_minder:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_exchange_management_console:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_management:11.0:*:weblogic:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_service_fulfillment:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_fulfillment:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_san_manager:11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_aries:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_irecorder:1.5:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_application_performance_monitor:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_application_server_managment:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_asset_portfolio_management:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_service_catalog_fulfillment_accounting:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_delivery:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_web_server_management:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_web_services_distributed_management:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.0:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:tru64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_irecorder:1.5:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_irecorder:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_autosys_jm:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_ca_web_services_distributed_management:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_desk:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_desk_knowledge_tools:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:itechnology_igateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.050615",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_process_automation_manager:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_san_manager:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:etrust_audit_aries:1.5:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:etrust_audit_aries:1.5:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_integrated_threat_management:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_management:11.0:*:websphere:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_management:3.5:*:websphere_mq:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_service_level_management:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_metric_analysis:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3653"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow",
              "refsource": "IDEFENSE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
            },
            {
              "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
            },
            {
              "name": "22688",
              "refsource": "OSVDB",
              "tags": [
                "Patch"
              ],
              "url": "http://www.osvdb.org/22688"
            },
            {
              "name": "16354",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/16354"
            },
            {
              "name": "1015526",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1015526"
            },
            {
              "name": "18591",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18591"
            },
            {
              "name": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
            },
            {
              "name": "380",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/380"
            },
            {
              "name": "ADV-2006-0311",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0311"
            },
            {
              "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
            },
            {
              "name": "ca-igateway-contentlength-bo(24269)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
            },
            {
              "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
            },
            {
              "name": "20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-04-14T15:41Z",
      "publishedDate": "2005-12-31T05:00Z"
    }
  }
}

VAR-200512-0273

Vulnerability from variot - Updated: 2025-04-03 22:39

Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field. The attacker can trigger the vulnerability by supplying a negative HTTP Content-Length value and a large URI to the service. A successful attack can result in corrupting process memory and the execution of arbitrary code with SYSTEM privileges on Windows platforms. The vendor has reported that this issue triggers only a denial-of-service condition on other platforms. Products containing iGateway 4.0.051230 are vulnerable to this issue. iTechnology is an integrated technology that provides standard Web service interfaces for third-party products. There is a heap overflow vulnerability in iTechnology's processing of HTTP request headers. iGateway service monitors standard HTTP or SSL communication on port 5250. The service does not properly handle negative HTTP Content-Length fields. iGateway parses the Content-length field value of the HTTP request and uses this value directly in the malloc() heap allocation call, so if a negative value is provided, the heap allocation call will return a small buffer. After the malloc() call, memcpy the provided URI to the allocated buffer and overwrite it to the heap.

TITLE: CA Products iGateway Service Content-Length Buffer Overflow

SECUNIA ADVISORY ID: SA18591

VERIFY ADVISORY: http://secunia.com/advisories/18591/

CRITICAL: Moderately critical

IMPACT: System access

WHERE:

From local network

SOFTWARE: BrightStor ARCserve Backup 11.x http://secunia.com/product/312/ BrightStor ARCserve Backup 11.x (for Windows) http://secunia.com/product/3099/ BrightStor ARCserve Backup 9.x http://secunia.com/product/313/ BrightStor ARCserve Backup for Laptops & Desktops 11.x http://secunia.com/product/5906/ BrightStor Enterprise Backup 10.x http://secunia.com/product/314/ BrightStor Process Automation Manager 11.x http://secunia.com/product/5908/ BrightStor Storage Resource Manager 11.x http://secunia.com/product/5909/ BrightStor Storage Resource Manager 6.x http://secunia.com/product/5910/ CA Advantage Data Transformer 2.x http://secunia.com/product/5904/ CA AllFusion Harvest Change Manager 7.x http://secunia.com/product/5905/ CA BrightStor Portal 11.x http://secunia.com/product/5577/ CA BrightStor SAN Manager 11.x http://secunia.com/product/5576/ CA eTrust Admin 8.x http://secunia.com/product/5584/ CA eTrust Audit 1.x http://secunia.com/product/5911/ CA eTrust Audit 8.x http://secunia.com/product/5912/ CA eTrust Identity Minder 8.x http://secunia.com/product/5913/ CA Unicenter Service Fulfillment 2.x http://secunia.com/product/5942/ eTrust Secure Content Manager (SCM) http://secunia.com/product/3391/

DESCRIPTION: Erika Mendoza has reported a vulnerability in various CA products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the handling of HTTP data in the iGateway component.

SOLUTION: Update the iGateway component to version 4.0.051230 or later. ftp://ftp.ca.com/pub/iTech/downloads/

PROVIDED AND/OR DISCOVERED BY: Erika Mendoza

ORIGINAL ADVISORY: Computer Associates: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778

iDEFENSE: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. Please see below for important changes to CAID 33778 (aka CVE-2005-3653; OSVDB 22688; X-Force 24269; SecurityTracker Alert ID 1015526). Changelog is near end of advisory.

Regards, Ken Williams

Title: CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]

CA Vulnerability ID: 33778

CA Advisory Date: 2006-01-23 Updated Advisory [v1.1]: 2006-01-26

Discovered By: Erika Mendoza reported this issue to iDefense.

Mitigating Factors: None.

Severity: CA has given this vulnerability a Medium risk rating.

Affected Technologies: Please note that the iGateway component is not a product, but rather a common component that is included with multiple products. The iGateway component is included in the following CA products, which are consequently potentially vulnerable.

Affected Products:

BrightStor ARCserve Backup r11.5 BrightStor ARCserve Backup r11.1 BrightStor ARCserve Backup for Windows r11 BrightStor Enterprise Backup 10.5 BrightStor ARCserve Backup v9.01 BrightStor ARCserve Backup Laptop & Desktop r11.1 BrightStor ARCserve Backup Laptop & Desktop r11 BrightStor Process Automation Manager r11.1 BrightStor SAN Manager r11.1 BrightStor SAN Manager r11.5 BrightStor Storage Resource Manager r11.5 BrightStor Storage Resource Manager r11.1 BrightStor Storage Resource Manager 6.4 BrightStor Storage Resource Manager 6.3 BrightStor Portal 11.1

Note to BrightStor Storage Resource Manager and BrightStor Portal users: In addition to the application servers where these products are installed, all hosts that have iSponsors deployed to them for managing applications like Veritas Volume Manager and Tivoli TSM are also affected by this vulnerability.

eTrust Products: eTrust Audit 1.5 SP2 (iRecorders and ARIES) eTrust Audit 1.5 SP3 (iRecorders and ARIES) eTrust Audit 8.0 (iRecorders and ARIES) eTrust Admin 8.1 eTrust Identity Minder 8.0 eTrust Secure Content Manager (SCM) R8 eTrust Integrated Threat Management (ITM) R8 eTrust Directory, R8.1 (Web Components Only)

Unicenter Products: Unicenter CA Web Services Distributed Management R11 Unicenter AutoSys JM R11 Unicenter Management for WebLogic / Management for WebSphere R11 Unicenter Service Delivery R11 Unicenter Service Level Management (USLM) R11 Unicenter Application Performance Monitor R11 Unicenter Service Desk R11 Unicenter Service Desk Knowledge Tools R11 Unicenter Asset Portfolio Management R11 Unicenter Service Metric Analysis R11 Unicenter Service Catalog/Assure/Accounting R11 Unicenter MQ Management R11 Unicenter Application Server Management R11 Unicenter Web Server Management R11 Unicenter Exchange Management R11

Affected platforms: AIX, HP-UX, Linux Intel, Solaris, and Windows

Status and Recommendation: Customers with vulnerable versions of the iGateway component should upgrade to the current version of iGateway (4.0.051230 or later), which is available for download from the following locations: http://supportconnect.ca.com/ ftp://ftp.ca.com/pub/iTech/downloads/

Determining the version of iGateway: To determine the version numbers of the iGateway components:

Go to the igateway directory:

On windows, this is %IGW_LOC% Default path for v3.: C:\Program Files\CA\igateway Default path for v4.: C:\Program Files\CA\SharedComponents\iTechnology

On unix, Default path for v3.: /opt/CA/igateway Default path for v4.: the install directory path is contained in opt/CA/SharedComponents/iTechnology.location. The default path is /opt/CA/SharedComponents/iTechnology

Look at the element in igateway.conf.

The versions are affected by this vulnerability if you see a value LESS THAN the following: 4.0.051230 (note the format of v.s.YYMMDD)

References: (note that URLs may wrap) CA SupportConnect: http://supportconnect.ca.com/ http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_not ice.asp

CAID: 33778 CAID Advisory link: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778

CVE Reference: CVE-2005-3653 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3653

OSVDB Reference: OSVDB-22688 http://osvdb.org/22688

iDefense Reference: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376

Changelog: v1.0 - Initial Release v1.1 - Removed several unaffected technologies; added more reference links.

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln@ca.com, or contact me directly.

If you discover a vulnerability in CA products, please report your findings to vuln@ca.com, or utilize our "Submit a Vulnerability" form. URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Regards, Ken Williams ; 0xE2941985 Dir. of CA Vulnerability Research Team

CA, One Computer Associates Plaza. Islandia, NY 11749

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "unicenter application performance monitor",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "etrust secure content manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "11"
      },
      {
        "_id": null,
        "model": "etrust directory",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "8.1_web_components"
      },
      {
        "_id": null,
        "model": "unicenter application server managment",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup laptops desktops",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "brightstor process automation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "unicenter service catalog fulfillment accounting",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter service desk knowledge tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor storage resource manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "unicenter autosys jm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor enterprise backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "10.5"
      },
      {
        "_id": null,
        "model": "brightstor enterprise backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "brightstor san manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "unicenter service level management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter web server management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor storage resource manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup laptops desktops",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "etrust admin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "unicenter web services distributed management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor san manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "unicenter service metric analysis",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "etrust audit aries",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "etrust audit irecorder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "unicenter management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "3.5"
      },
      {
        "_id": null,
        "model": "unicenter service fulfillment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "unicenter service fulfillment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "unicenter asset portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor storage resource manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "etrust audit aries",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "etrust audit irecorder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "etrust identity minder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "itechnology igateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "4.0.050615"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "9.01"
      },
      {
        "_id": null,
        "model": "unicenter service desk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter service delivery",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "brightstor storage resource manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.4"
      },
      {
        "_id": null,
        "model": "etrust integrated threat management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "unicenter exchange management console",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "9.01"
      },
      {
        "_id": null,
        "model": "etrust integrated threat management",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "etrust identity minder",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup laptops desktops",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter web server management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service matrix analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service level management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "associates unicenter service desk knowledge tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service catalog/fulfillment/accounting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter mq management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter management for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter management for weblogic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter exchange management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter autosys jm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter application server managment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter application performance monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust integrated threat management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust identity minder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust directory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "associates etrust audit irecorders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust audit irecorders sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "associates etrust audit irecorders sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "associates etrust audit aries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust audit aries sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "associates etrust audit aries sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "associates etrust admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.4"
      },
      {
        "_id": null,
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "associates brightstor san manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "associates brightstor san manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor process automation manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor enterprise backup for windows bit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6410.5"
      },
      {
        "_id": null,
        "model": "associates brightstor enterprise backup for tru64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "_id": null,
        "model": "associates brightstor enterprise backup for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "_id": null,
        "model": "associates brightstor enterprise backup for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "9.01"
      },
      {
        "_id": null,
        "model": "associates arcserve backup for laptops and desktops",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates arcserve backup for laptops and desktops",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "16354"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Erika Mendoza",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-3653",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2005-3653",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-14861",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2005-3653",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200512-713",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-14861",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field. \nThe attacker can trigger the vulnerability by supplying a negative HTTP Content-Length value and a large URI to the service. \nA successful attack can result in corrupting process memory and the execution of arbitrary code with SYSTEM privileges on Windows platforms. The vendor has reported that this issue triggers only a denial-of-service condition on other platforms. \nProducts containing iGateway 4.0.051230 are vulnerable to this issue. iTechnology is an integrated technology that provides standard Web service interfaces for third-party products. There is a heap overflow vulnerability in iTechnology\u0027s processing of HTTP request headers. iGateway service monitors standard HTTP or SSL communication on port 5250. The service does not properly handle negative HTTP Content-Length fields. iGateway parses the Content-length field value of the HTTP request and uses this value directly in the malloc() heap allocation call, so if a negative value is provided, the heap allocation call will return a small buffer. After the malloc() call, memcpy the provided URI to the allocated buffer and overwrite it to the heap. \n\nTITLE:\nCA Products iGateway Service Content-Length Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA18591\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18591/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nBrightStor ARCserve Backup 11.x\nhttp://secunia.com/product/312/\nBrightStor ARCserve Backup 11.x (for Windows)\nhttp://secunia.com/product/3099/\nBrightStor ARCserve Backup 9.x\nhttp://secunia.com/product/313/\nBrightStor ARCserve Backup for Laptops \u0026 Desktops 11.x\nhttp://secunia.com/product/5906/\nBrightStor Enterprise Backup 10.x\nhttp://secunia.com/product/314/\nBrightStor Process Automation Manager 11.x\nhttp://secunia.com/product/5908/\nBrightStor Storage Resource Manager 11.x\nhttp://secunia.com/product/5909/\nBrightStor Storage Resource Manager 6.x\nhttp://secunia.com/product/5910/\nCA Advantage Data Transformer 2.x\nhttp://secunia.com/product/5904/\nCA AllFusion Harvest Change Manager 7.x\nhttp://secunia.com/product/5905/\nCA BrightStor Portal 11.x\nhttp://secunia.com/product/5577/\nCA BrightStor SAN Manager 11.x\nhttp://secunia.com/product/5576/\nCA eTrust Admin 8.x\nhttp://secunia.com/product/5584/\nCA eTrust Audit 1.x\nhttp://secunia.com/product/5911/\nCA eTrust Audit 8.x\nhttp://secunia.com/product/5912/\nCA eTrust Identity Minder 8.x\nhttp://secunia.com/product/5913/\nCA Unicenter Service Fulfillment 2.x\nhttp://secunia.com/product/5942/\neTrust Secure Content Manager (SCM)\nhttp://secunia.com/product/3391/\n\nDESCRIPTION:\nErika Mendoza has reported a vulnerability in various CA products,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nThe vulnerability is caused due to a boundary error in the handling\nof HTTP data in the iGateway component. \n\nSOLUTION:\nUpdate the iGateway component to version 4.0.051230 or later. \nftp://ftp.ca.com/pub/iTech/downloads/\n\nPROVIDED AND/OR DISCOVERED BY:\nErika Mendoza\n\nORIGINAL ADVISORY:\nComputer Associates: \nhttp://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778\n\niDEFENSE:\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=376\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \nPlease see below for important changes to CAID 33778 (aka CVE-2005-3653;\nOSVDB 22688; X-Force 24269; SecurityTracker Alert ID 1015526). \nChangelog is near end of advisory. \n\nRegards,\nKen Williams\n\n\nTitle: CAID 33778 - CA iGateway Content-Length Buffer Overflow \nVulnerability [v1.1]\n\nCA Vulnerability ID: 33778\n\nCA Advisory Date: 2006-01-23\nUpdated Advisory [v1.1]: 2006-01-26\n\nDiscovered By: Erika Mendoza reported this issue to iDefense. \n\n\nMitigating Factors: None. \n\n\nSeverity: CA has given this vulnerability a Medium risk rating. \n\n\nAffected Technologies: Please note that the iGateway component is\nnot a product, but rather a common component that is included \nwith multiple products.  The iGateway component is included in \nthe following CA products, which are consequently potentially \nvulnerable. \n\n\nAffected Products:\n\nBrightStor ARCserve Backup r11.5\nBrightStor ARCserve Backup r11.1\nBrightStor ARCserve Backup for Windows r11\nBrightStor Enterprise Backup 10.5\nBrightStor ARCserve Backup v9.01\nBrightStor ARCserve Backup Laptop \u0026 Desktop r11.1\nBrightStor ARCserve Backup Laptop \u0026 Desktop r11\nBrightStor Process Automation Manager r11.1\nBrightStor SAN Manager r11.1\nBrightStor SAN Manager r11.5\nBrightStor Storage Resource Manager r11.5\nBrightStor Storage Resource Manager r11.1\nBrightStor Storage Resource Manager 6.4\nBrightStor Storage Resource Manager 6.3\nBrightStor Portal 11.1\n\nNote to BrightStor Storage Resource Manager and BrightStor Portal\nusers: In addition to the application servers where these products \nare installed, all hosts that have iSponsors deployed to them for \nmanaging applications like Veritas Volume Manager and Tivoli TSM \nare also affected by this vulnerability. \n\neTrust Products:\neTrust Audit 1.5 SP2 (iRecorders and ARIES)\neTrust Audit 1.5 SP3 (iRecorders and ARIES)\neTrust Audit 8.0 (iRecorders and ARIES)\neTrust Admin 8.1\neTrust Identity Minder 8.0\neTrust Secure Content Manager (SCM) R8\neTrust Integrated Threat Management (ITM) R8\neTrust Directory, R8.1 (Web Components Only)\n\nUnicenter Products:\nUnicenter CA Web Services Distributed Management R11\nUnicenter AutoSys JM R11\nUnicenter Management for WebLogic / Management for WebSphere R11\nUnicenter Service Delivery R11\nUnicenter Service Level Management (USLM) R11\nUnicenter Application Performance Monitor R11\nUnicenter Service Desk R11\nUnicenter Service Desk Knowledge Tools R11\nUnicenter Asset Portfolio Management R11\nUnicenter Service Metric Analysis R11\nUnicenter Service Catalog/Assure/Accounting R11\nUnicenter MQ Management R11\nUnicenter Application Server Management R11\nUnicenter Web Server Management R11\nUnicenter Exchange Management R11\n\n\nAffected platforms:\nAIX, HP-UX, Linux Intel, Solaris, and Windows\n\n\nStatus and Recommendation: \nCustomers with vulnerable versions of the iGateway component \nshould upgrade to the current version of iGateway (4.0.051230 or \nlater), which is available for download from the following \nlocations:\nhttp://supportconnect.ca.com/\nftp://ftp.ca.com/pub/iTech/downloads/\n\n\nDetermining the version of iGateway:\nTo determine the version numbers of the iGateway components:\n\nGo to the igateway directory:\n\nOn windows, this is %IGW_LOC%\nDefault path for v3.*: C:\\Program Files\\CA\\igateway\nDefault path for v4.*: \nC:\\Program Files\\CA\\SharedComponents\\iTechnology\n\nOn unix, \nDefault path for v3.*: \t/opt/CA/igateway\nDefault path for v4.*: \tthe install directory path is contained in \nopt/CA/SharedComponents/iTechnology.location. \nThe default path is /opt/CA/SharedComponents/iTechnology\n\nLook at the \u003cVersion\u003e element in igateway.conf. \n\nThe versions are affected by this vulnerability if you see \na value LESS THAN the following: \n\u003cVersion\u003e4.0.051230\u003c/Version\u003e  (note the format of v.s.YYMMDD)\n\n\nReferences: \n(note that URLs may wrap)\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nhttp://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_not\nice.asp\n\nCAID: 33778\nCAID Advisory link: \nhttp://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778\n\nCVE Reference: CVE-2005-3653\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3653\n\nOSVDB Reference: OSVDB-22688\nhttp://osvdb.org/22688\n\niDefense Reference:\nComputer Associates iTechnology iGateway Service Content-Length \nBuffer Overflow\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=376\n\n\nChangelog:\nv1.0 - Initial Release\nv1.1 - Removed several unaffected technologies; added more \nreference links. \n\n\nCustomers who require additional information should contact CA \nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory,\nplease send email to vuln@ca.com, or contact me directly. \n\nIf you discover a vulnerability in CA products, please report\nyour findings to vuln@ca.com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDir. of CA Vulnerability Research Team\n\n\nCA, One Computer Associates Plaza. Islandia, NY 11749\n\t\nContact http://www3.ca.com/contact/\nLegal Notice http://ca.com/calegal.htm\nPrivacy Policy http://www.ca.com/caprivacy.htm\nCopyright 2006 CA.  All rights reserved",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      },
      {
        "db": "BID",
        "id": "16354"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "PACKETSTORM",
        "id": "43303"
      },
      {
        "db": "PACKETSTORM",
        "id": "43468"
      }
    ],
    "trust": 1.44
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2005-3653",
        "trust": 2.1
      },
      {
        "db": "BID",
        "id": "16354",
        "trust": 2.0
      },
      {
        "db": "OSVDB",
        "id": "22688",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "18591",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1015526",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "380",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-0311",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-14861",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "43303",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "43468",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "BID",
        "id": "16354"
      },
      {
        "db": "PACKETSTORM",
        "id": "43303"
      },
      {
        "db": "PACKETSTORM",
        "id": "43468"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "id": "VAR-200512-0273",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:39:49.392000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "CA iTechnology iGateway Service negative Content-Length Repair measures for field value buffer error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146825"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
      },
      {
        "trust": 1.9,
        "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/16354"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/22688"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1015526"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/18591"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/380"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2006/0311"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.ca.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/423403"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/423288"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=full-disclosure\u0026amp;m=113803349715927\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/314/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5912/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3099/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3391/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5913/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5576/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5577/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5911/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5906/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5904/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5905/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/18591/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5908/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5584/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5909/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5942/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5910/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/313/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/312/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3653"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com."
      },
      {
        "trust": 0.1,
        "url": "http://ca.com/calegal.htm"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/caprivacy.htm"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_not"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/22688"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www3.ca.com/contact/"
      },
      {
        "trust": 0.1,
        "url": "http://www3.ca.com/securityadvisor/vulninfo/submit.aspx"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "BID",
        "id": "16354"
      },
      {
        "db": "PACKETSTORM",
        "id": "43303"
      },
      {
        "db": "PACKETSTORM",
        "id": "43468"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-14861",
        "ident": null
      },
      {
        "db": "BID",
        "id": "16354",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "43303",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "43468",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2005-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14861",
        "ident": null
      },
      {
        "date": "2006-01-23T00:00:00",
        "db": "BID",
        "id": "16354",
        "ident": null
      },
      {
        "date": "2006-01-25T06:44:12",
        "db": "PACKETSTORM",
        "id": "43303",
        "ident": null
      },
      {
        "date": "2006-01-29T22:15:05",
        "db": "PACKETSTORM",
        "id": "43468",
        "ident": null
      },
      {
        "date": "2005-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-713",
        "ident": null
      },
      {
        "date": "2005-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2005-3653",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14861",
        "ident": null
      },
      {
        "date": "2007-06-27T19:38:00",
        "db": "BID",
        "id": "16354",
        "ident": null
      },
      {
        "date": "2021-04-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-713",
        "ident": null
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2005-3653",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "CA iTechnology iGateway Service negative Content-Length Field value buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2005-3653 (GCVE-0-2005-3653)

GHSA-PQWM-V5FQ-X4GM

CERTA-2006-AVI-046

Description

Solution

FKIE_CVE-2005-3653

GSD-2005-3653

VAR-200512-0273

Tags

Sightings

Nomenclature