CERTA-2005-AVI-443
Vulnerability from certfr_avis - Published: 2005-11-08 - Updated: 2005-11-08None
Description
Une vulnérabilité a été découverte dans le traitement des requêtes HTTP GET par iGateway quand le mode debug est activé. Un utilisateur mal intentionné peut, par le biais de requêtes HTTP GET malicieusement constituées, exécuter du code arbitraire à distance.
Solution
Mettre à jour iGateway en version 4.0.050623 ou supérieure.
- Computer Associates iGateway 3.0 (versions antérieures au 23 juin 2005) ;
- Computer Associates iGateway 4.0 (versions antérieures au 23 juin 2005).
Computer Associates iGateway est inclus dans les produits suivants :
- Advantage Data Transformer (ADT) R2.2 ;
- Harvest Change Manager R7.1 ;
- BrightStor ARCserve Backup r11.5 ;
- BrightStor ARCServe Backup r11.1 ;
- BrightStor ARCServe Backup pour Windows r11 ;
- BrightStor Enterprise Backup 10.5 ;
- BrightStor ARCserve Backup v9.01 ;
- BrightStor ARCserve Backup Laptop & Desktop r11.1 ;
- BrightStor ARCserve Backup Laptop & Desktop r11 ;
- BrightStor Process Automation Manager r11.1 ;
- BrightStor SAN Manager r11.1 ;
- BrightStor SAN Manager r11.5 ;
- BrightStor Storage Resource Manager r11.5 ;
- BrightStor Storage Resource Manager r11.1 ;
- BrightStor Storage Resource Manager r6.4 ;
- BrightStor Storage Resource Manager r6.3 ;
- BrightStor Portal 11.1 ;
- eTrust Audit 1.5 SP2 (iRecorders et ARIES) ;
- eTrust Audit 1.5 SP3 (iRecorders et ARIES) ;
- eTrust Audit 8.0 (iRecorders et ARIES) ;
- eTrust Admin 8.0 ;
- eTrust Admin 8.1 ;
- eTrust Identity Minder 8.0 ;
- eTrust Secure Content Manager (SCM) R8 ;
- eTrust Web Service Security R8 ;
- eTrust Integrated Threat Management (ITM) R11 ;
- Unicenter CA Web Services Distributed Management R11 ;
- Unicenter AutoSys JM R11 ;
- Unicenter Management pour Weblogic / Management pour WebSphere R11 ;
- Unicenter Service Delivery R11 ;
- Unicenter Service Level Management (USLM) R11 ;
- Unicenter Application Performance Monitor R11 ;
- Unicenter Service Desk R11 ;
- Unicenter Service Desk Knowledge Tools R11 ;
- Unicenter Service Fulfillment 2.2 ;
- Unicenter Service Fulfillment R11 ;
- Unicenter Asset Portfolio Management R11 ;
- Unicenter Service Matrix Analysis R11 ;
- Unicenter Service Catalog/Fulfillment/Accounting R11 ;
- Unicenter MQ Management R11 ;
- Unicenter Application Server Management R11 ;
- Unicenter Web Server Management R11 ;
- Unicenter Exchange Management R11.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cUL\u003e \u003cLI\u003eComputer Associates iGateway 3.0 (versions ant\u00e9rieures au 23 juin 2005) ;\u003c/LI\u003e \u003cLI\u003eComputer Associates iGateway 4.0 (versions ant\u00e9rieures au 23 juin 2005).\u003c/LI\u003e \u003c/UL\u003e \u003cP\u003e\u003cTT\u003eComputer Associates iGateway\u003c/TT\u003e est inclus dans les produits suivants :\u003c/P\u003e \u003cUL\u003e \u003cLI\u003eAdvantage Data Transformer (ADT) R2.2 ;\u003c/LI\u003e \u003cLI\u003eHarvest Change Manager R7.1 ;\u003c/LI\u003e \u003cLI\u003eBrightStor ARCserve Backup r11.5 ;\u003c/LI\u003e \u003cLI\u003eBrightStor ARCServe Backup r11.1 ;\u003c/LI\u003e \u003cLI\u003eBrightStor ARCServe Backup pour Windows r11 ;\u003c/LI\u003e \u003cLI\u003eBrightStor Enterprise Backup 10.5 ;\u003c/LI\u003e \u003cLI\u003eBrightStor ARCserve Backup v9.01 ;\u003c/LI\u003e \u003cLI\u003eBrightStor ARCserve Backup Laptop \u0026amp; Desktop r11.1 ;\u003c/LI\u003e \u003cLI\u003eBrightStor ARCserve Backup Laptop \u0026amp; Desktop r11 ;\u003c/LI\u003e \u003cLI\u003eBrightStor Process Automation Manager r11.1 ;\u003c/LI\u003e \u003cLI\u003eBrightStor SAN Manager r11.1 ;\u003c/LI\u003e \u003cLI\u003eBrightStor SAN Manager r11.5 ;\u003c/LI\u003e \u003cLI\u003eBrightStor Storage Resource Manager r11.5 ;\u003c/LI\u003e \u003cLI\u003eBrightStor Storage Resource Manager r11.1 ;\u003c/LI\u003e \u003cLI\u003eBrightStor Storage Resource Manager r6.4 ;\u003c/LI\u003e \u003cLI\u003eBrightStor Storage Resource Manager r6.3 ;\u003c/LI\u003e \u003cLI\u003eBrightStor Portal 11.1 ;\u003c/LI\u003e \u003cLI\u003eeTrust Audit 1.5 SP2 (iRecorders et ARIES) ;\u003c/LI\u003e \u003cLI\u003eeTrust Audit 1.5 SP3 (iRecorders et ARIES) ;\u003c/LI\u003e \u003cLI\u003eeTrust Audit 8.0 (iRecorders et ARIES) ;\u003c/LI\u003e \u003cLI\u003eeTrust Admin 8.0 ;\u003c/LI\u003e \u003cLI\u003eeTrust Admin 8.1 ;\u003c/LI\u003e \u003cLI\u003eeTrust Identity Minder 8.0 ;\u003c/LI\u003e \u003cLI\u003eeTrust Secure Content Manager (SCM) R8 ;\u003c/LI\u003e \u003cLI\u003eeTrust Web Service Security R8 ;\u003c/LI\u003e \u003cLI\u003eeTrust Integrated Threat Management (ITM) R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter CA Web Services Distributed Management R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter AutoSys JM R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Management pour Weblogic / Management pour WebSphere R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Service Delivery R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Service Level Management (USLM) R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Application Performance Monitor R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Service Desk R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Service Desk Knowledge Tools R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Service Fulfillment 2.2 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Service Fulfillment R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Asset Portfolio Management R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Service Matrix Analysis R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Service Catalog/Fulfillment/Accounting R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter MQ Management R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Application Server Management R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Web Server Management R11 ;\u003c/LI\u003e \u003cLI\u003eUnicenter Exchange Management R11.\u003c/LI\u003e \u003c/UL\u003e",
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le traitement des requ\u00eates HTTP\nGET par iGateway quand le mode debug est activ\u00e9. Un utilisateur mal\nintentionn\u00e9 peut, par le biais de requ\u00eates HTTP GET malicieusement\nconstitu\u00e9es, ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nMettre \u00e0 jour iGateway en version 4.0.050623 ou sup\u00e9rieure.\n",
"cves": [],
"initial_release_date": "2005-11-08T00:00:00",
"last_revision_date": "2005-11-08T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 33485 de Computer Associates du 19 octobre 2005 :",
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"
}
],
"reference": "CERTA-2005-AVI-443",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-11-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9 dans Computer Associates iGateway",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 de Computer Associates 33485 du 19 octobre 2005",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…