cvelistv5 - CVE-2005-3653

CVE-2005-3653

Vulnerability from cvelistv5

Published

2006-01-23 20:00

Modified

2024-08-07 23:17

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://marc.info/?l=full-disclosure&m=113803349715927&w=2
cve@mitre.org	http://secunia.com/advisories/18591	Patch, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/380
cve@mitre.org	http://securitytracker.com/id?1015526	Patch
cve@mitre.org	http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp	Patch, Vendor Advisory
cve@mitre.org	http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/22688	Patch
cve@mitre.org	http://www.securityfocus.com/archive/1/423288/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/423403/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/16354	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/0311	Vendor Advisory
cve@mitre.org	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/24269
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=full-disclosure&m=113803349715927&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18591	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/380
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015526	Patch
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/22688	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/423288/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/423403/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16354	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/0311	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/24269

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:17:23.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1015526",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015526"
          },
          {
            "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
          },
          {
            "name": "22688",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22688"
          },
          {
            "name": "18591",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18591"
          },
          {
            "name": "16354",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16354"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
          },
          {
            "name": "380",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/380"
          },
          {
            "name": "ca-igateway-contentlength-bo(24269)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
          },
          {
            "name": "ADV-2006-0311",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0311"
          },
          {
            "name": "20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
          },
          {
            "name": "20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
          },
          {
            "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1015526",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015526"
        },
        {
          "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
        },
        {
          "name": "22688",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22688"
        },
        {
          "name": "18591",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18591"
        },
        {
          "name": "16354",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16354"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
        },
        {
          "name": "380",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/380"
        },
        {
          "name": "ca-igateway-contentlength-bo(24269)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
        },
        {
          "name": "ADV-2006-0311",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0311"
        },
        {
          "name": "20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
        },
        {
          "name": "20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
        },
        {
          "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3653",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1015526",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015526"
            },
            {
              "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
            },
            {
              "name": "22688",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22688"
            },
            {
              "name": "18591",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18591"
            },
            {
              "name": "16354",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16354"
            },
            {
              "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778",
              "refsource": "CONFIRM",
              "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
            },
            {
              "name": "380",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/380"
            },
            {
              "name": "ca-igateway-contentlength-bo(24269)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
            },
            {
              "name": "ADV-2006-0311",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0311"
            },
            {
              "name": "20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
            },
            {
              "name": "20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow",
              "refsource": "IDEFENSE",
              "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
            },
            {
              "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
            },
            {
              "name": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3653",
    "datePublished": "2006-01-23T20:00:00",
    "dateReserved": "2005-11-18T00:00:00",
    "dateUpdated": "2024-08-07T23:17:23.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-3653\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-12-31T05:00:00.000\",\"lastModified\":\"2024-11-21T00:02:21.310\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E37161BE-6AF5-40E0-BD63-2C17431D8B36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"477EE032-D183-478F-A2BF-6165277A7414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FB993B2-9A44-40E2-AA05-0CAD04BDC26D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7461AE5-2067-4964-93B7-560CD02CEAC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_portal:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F206D15-FF0D-400E-9727-5DA6C07B57EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_process_automation_manager:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD04989D-D045-4693-87DA-16754D9BF644\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_san_manager:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA67A49C-688A-4B6E-8B90-BEC937FCEE20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_san_manager:11.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFD847AD-8AD1-40C1-9582-CC234D900CEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_storage_resource_manager:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70D35A8A-BB31-4FC6-8031-D93FE7347A10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_storage_resource_manager:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7384B78-1F35-4DB4-A128-EBE33FD70C8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_storage_resource_manager:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3F5A1F3-EEE3-4187-9F44-545EB21EF121\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_storage_resource_manager:11.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"152FDE32-0525-4F1E-9BD5-A3EB47644B03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08594EFB-E04B-42E8-BE00-C3ACDB62BA4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_audit_aries:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBBF77AF-542C-49E8-8F5A-1C0DB73F2DE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_audit_irecorder:1.5:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6829D317-1AB6-471B-9CE4-563C4FFB290D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_audit_irecorder:1.5:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"571D4793-63EE-4A9D-991B-0F92842BDF58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_audit_irecorder:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F182A43-4999-441D-9B37-093E033BAADC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_identity_minder:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DF2F1AC-CF62-47CE-96B3-08CE412A7D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_integrated_threat_management:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"045F1ADA-E9D1-4C8B-9275-040939E73A6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:itechnology_igateway:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.0.050615\",\"matchCriteriaId\":\"AA60254A-F0BE-4E53-9D04-C3F4D80E662D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:unicenter_asset_portfolio_management:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3358719-780A-41E1-A09A-7C27C921D6DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:unicenter_autosys_jm:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"388A5565-442B-441C-B727-586B23FE8540\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:unicenter_service_delivery:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"137A1E55-CDF0-49FF-9A63-5FB44BA9FC40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:unicenter_service_desk:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2247ED3-2CF1-49A5-9456-F51164A1D220\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:unicenter_service_desk_knowledge_tools:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3046725F-B0C5-4625-AE5D-8B6C7DC9A085\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:unicenter_service_fulfillment:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF7FADA4-429F-4658-A47C-DCB13D6ED903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:unicenter_service_metric_analysis:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"607CA384-B71B-460F-ACCF-ACCBC9C17FA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"6E236148-4A57-4FDC-A072-A77D3DD2DB53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:brightstor_enterprise_backup:10.0:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"15862D0F-90C0-46A3-8457-B1FD8877CC74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"196FFF4A-1976-477B-927F-82A3CBECA530\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:tru64:*:*:*:*:*\",\"matchCriteriaId\":\"5DC10E01-4694-4699-9C8D-328627F515D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:windows_64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"2C3C45FE-C057-4DF2-8D68-892C9DD47ED1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:etrust_audit_aries:1.5:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"473DC00E-B779-4CB4-A165-DE2954F225C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:etrust_audit_aries:1.5:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7A0ED34-94B3-447E-8CF2-8439FAF05894\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:etrust_directory:8.1_web_components:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F148F27B-50D6-4C29-BC9D-1E11B783808D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DB54A16-5E56-46FC-A49C-56C98C0B8F1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_application_performance_monitor:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96C5D628-2CBB-4ED1-B7C1-C2ABE6A8E2FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_application_server_managment:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54A75987-8E51-4D25-965D-343E8F07BC25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_ca_web_services_distributed_management:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48726411-E052-4F4A-9EAC-7616059E3599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_exchange_management_console:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1ADE61A-3096-4079-B586-00B977B5E523\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_management:3.5:*:websphere_mq:*:*:*:*:*\",\"matchCriteriaId\":\"0FE2A55B-A89D-470E-8E9E-4B1B0FB1C4C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_management:11.0:*:weblogic:*:*:*:*:*\",\"matchCriteriaId\":\"07E5BAC2-FF02-4ADC-9939-AE93B60E53E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_management:11.0:*:websphere:*:*:*:*:*\",\"matchCriteriaId\":\"DBB1EA1F-57BA-4850-B5C2-6900A1DE80CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_service_catalog_fulfillment_accounting:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8045AE85-40C1-4122-B073-8579E84B88D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_service_fulfillment:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8DB1604-AFCB-4D37-9665-9725119570F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_service_level_management:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF170A77-7B4D-4B0F-BA7C-05773E03DFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_web_server_management:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11364903-CA67-499C-9BE8-36B01FD7E7A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:unicenter_web_services_distributed_management:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83DFAC82-1835-49EE-AE88-BFFFD2D6C2B9\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/18591\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/380\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015526\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/22688\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/423288/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/423403/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/16354\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/0311\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24269\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/18591\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/380\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015526\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/22688\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/423288/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/423403/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/16354\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/0311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field. The attacker can trigger the vulnerability by supplying a negative HTTP Content-Length value and a large URI to the service. A successful attack can result in corrupting process memory and the execution of arbitrary code with SYSTEM privileges on Windows platforms. The vendor has reported that this issue triggers only a denial-of-service condition on other platforms. Products containing iGateway 4.0.051230 are vulnerable to this issue. iTechnology is an integrated technology that provides standard Web service interfaces for third-party products. There is a heap overflow vulnerability in iTechnology's processing of HTTP request headers. iGateway service monitors standard HTTP or SSL communication on port 5250. The service does not properly handle negative HTTP Content-Length fields. iGateway parses the Content-length field value of the HTTP request and uses this value directly in the malloc() heap allocation call, so if a negative value is provided, the heap allocation call will return a small buffer. After the malloc() call, memcpy the provided URI to the allocated buffer and overwrite it to the heap.

TITLE: CA Products iGateway Service Content-Length Buffer Overflow

SECUNIA ADVISORY ID: SA18591

VERIFY ADVISORY: http://secunia.com/advisories/18591/

CRITICAL: Moderately critical

IMPACT: System access

WHERE:

From local network

SOFTWARE: BrightStor ARCserve Backup 11.x http://secunia.com/product/312/ BrightStor ARCserve Backup 11.x (for Windows) http://secunia.com/product/3099/ BrightStor ARCserve Backup 9.x http://secunia.com/product/313/ BrightStor ARCserve Backup for Laptops & Desktops 11.x http://secunia.com/product/5906/ BrightStor Enterprise Backup 10.x http://secunia.com/product/314/ BrightStor Process Automation Manager 11.x http://secunia.com/product/5908/ BrightStor Storage Resource Manager 11.x http://secunia.com/product/5909/ BrightStor Storage Resource Manager 6.x http://secunia.com/product/5910/ CA Advantage Data Transformer 2.x http://secunia.com/product/5904/ CA AllFusion Harvest Change Manager 7.x http://secunia.com/product/5905/ CA BrightStor Portal 11.x http://secunia.com/product/5577/ CA BrightStor SAN Manager 11.x http://secunia.com/product/5576/ CA eTrust Admin 8.x http://secunia.com/product/5584/ CA eTrust Audit 1.x http://secunia.com/product/5911/ CA eTrust Audit 8.x http://secunia.com/product/5912/ CA eTrust Identity Minder 8.x http://secunia.com/product/5913/ CA Unicenter Service Fulfillment 2.x http://secunia.com/product/5942/ eTrust Secure Content Manager (SCM) http://secunia.com/product/3391/

DESCRIPTION: Erika Mendoza has reported a vulnerability in various CA products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the handling of HTTP data in the iGateway component.

SOLUTION: Update the iGateway component to version 4.0.051230 or later. ftp://ftp.ca.com/pub/iTech/downloads/

PROVIDED AND/OR DISCOVERED BY: Erika Mendoza

ORIGINAL ADVISORY: Computer Associates: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778

iDEFENSE: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. Please see below for important changes to CAID 33778 (aka CVE-2005-3653; OSVDB 22688; X-Force 24269; SecurityTracker Alert ID 1015526). Changelog is near end of advisory.

Regards, Ken Williams

Title: CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]

CA Vulnerability ID: 33778

CA Advisory Date: 2006-01-23 Updated Advisory [v1.1]: 2006-01-26

Discovered By: Erika Mendoza reported this issue to iDefense.

Mitigating Factors: None.

Severity: CA has given this vulnerability a Medium risk rating.

Affected Technologies: Please note that the iGateway component is not a product, but rather a common component that is included with multiple products. The iGateway component is included in the following CA products, which are consequently potentially vulnerable.

Affected Products:

BrightStor ARCserve Backup r11.5 BrightStor ARCserve Backup r11.1 BrightStor ARCserve Backup for Windows r11 BrightStor Enterprise Backup 10.5 BrightStor ARCserve Backup v9.01 BrightStor ARCserve Backup Laptop & Desktop r11.1 BrightStor ARCserve Backup Laptop & Desktop r11 BrightStor Process Automation Manager r11.1 BrightStor SAN Manager r11.1 BrightStor SAN Manager r11.5 BrightStor Storage Resource Manager r11.5 BrightStor Storage Resource Manager r11.1 BrightStor Storage Resource Manager 6.4 BrightStor Storage Resource Manager 6.3 BrightStor Portal 11.1

Note to BrightStor Storage Resource Manager and BrightStor Portal users: In addition to the application servers where these products are installed, all hosts that have iSponsors deployed to them for managing applications like Veritas Volume Manager and Tivoli TSM are also affected by this vulnerability.

eTrust Products: eTrust Audit 1.5 SP2 (iRecorders and ARIES) eTrust Audit 1.5 SP3 (iRecorders and ARIES) eTrust Audit 8.0 (iRecorders and ARIES) eTrust Admin 8.1 eTrust Identity Minder 8.0 eTrust Secure Content Manager (SCM) R8 eTrust Integrated Threat Management (ITM) R8 eTrust Directory, R8.1 (Web Components Only)

Unicenter Products: Unicenter CA Web Services Distributed Management R11 Unicenter AutoSys JM R11 Unicenter Management for WebLogic / Management for WebSphere R11 Unicenter Service Delivery R11 Unicenter Service Level Management (USLM) R11 Unicenter Application Performance Monitor R11 Unicenter Service Desk R11 Unicenter Service Desk Knowledge Tools R11 Unicenter Asset Portfolio Management R11 Unicenter Service Metric Analysis R11 Unicenter Service Catalog/Assure/Accounting R11 Unicenter MQ Management R11 Unicenter Application Server Management R11 Unicenter Web Server Management R11 Unicenter Exchange Management R11

Affected platforms: AIX, HP-UX, Linux Intel, Solaris, and Windows

Status and Recommendation: Customers with vulnerable versions of the iGateway component should upgrade to the current version of iGateway (4.0.051230 or later), which is available for download from the following locations: http://supportconnect.ca.com/ ftp://ftp.ca.com/pub/iTech/downloads/

Determining the version of iGateway: To determine the version numbers of the iGateway components:

Go to the igateway directory:

On windows, this is %IGW_LOC% Default path for v3.: C:\Program Files\CA\igateway Default path for v4.: C:\Program Files\CA\SharedComponents\iTechnology

On unix, Default path for v3.: /opt/CA/igateway Default path for v4.: the install directory path is contained in opt/CA/SharedComponents/iTechnology.location. The default path is /opt/CA/SharedComponents/iTechnology

Look at the element in igateway.conf.

The versions are affected by this vulnerability if you see a value LESS THAN the following: 4.0.051230 (note the format of v.s.YYMMDD)

References: (note that URLs may wrap) CA SupportConnect: http://supportconnect.ca.com/ http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_not ice.asp

CAID: 33778 CAID Advisory link: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778

CVE Reference: CVE-2005-3653 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3653

OSVDB Reference: OSVDB-22688 http://osvdb.org/22688

iDefense Reference: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376

Changelog: v1.0 - Initial Release v1.1 - Removed several unaffected technologies; added more reference links.

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln@ca.com, or contact me directly.

If you discover a vulnerability in CA products, please report your findings to vuln@ca.com, or utilize our "Submit a Vulnerability" form. URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Regards, Ken Williams ; 0xE2941985 Dir. of CA Vulnerability Research Team

CA, One Computer Associates Plaza. Islandia, NY 11749

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "unicenter application performance monitor",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "etrust secure content manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "11"
      },
      {
        "_id": null,
        "model": "etrust directory",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "8.1_web_components"
      },
      {
        "_id": null,
        "model": "unicenter application server managment",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter web services distributed management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "itechnology igateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "4.0.050615"
      },
      {
        "_id": null,
        "model": "etrust audit irecorder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup laptops desktops",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "etrust admin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "brightstor san manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "unicenter service catalog fulfillment accounting",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "etrust audit irecorder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "unicenter management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "3.5"
      },
      {
        "_id": null,
        "model": "brightstor portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "unicenter service desk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor storage resource manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "brightstor process automation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "unicenter asset portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "unicenter service desk knowledge tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup laptops desktops",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor storage resource manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.4"
      },
      {
        "_id": null,
        "model": "etrust identity minder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "brightstor enterprise backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "brightstor san manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "brightstor enterprise backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "10.5"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "9.01"
      },
      {
        "_id": null,
        "model": "brightstor storage resource manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter autosys jm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter service metric analysis",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter web server management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter service fulfillment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor storage resource manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "unicenter exchange management console",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "etrust integrated threat management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "etrust audit aries",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "unicenter service delivery",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "unicenter service level management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter service fulfillment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "etrust audit aries",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "9.01"
      },
      {
        "_id": null,
        "model": "etrust integrated threat management",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "etrust identity minder",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup laptops desktops",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter web server management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service matrix analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service level management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "associates unicenter service desk knowledge tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service catalog/fulfillment/accounting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter mq management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter management for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter management for weblogic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter exchange management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter autosys jm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter application server managment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter application performance monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust integrated threat management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust identity minder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust directory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "associates etrust audit irecorders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust audit irecorders sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "associates etrust audit irecorders sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "associates etrust audit aries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust audit aries sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "associates etrust audit aries sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "associates etrust admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.4"
      },
      {
        "_id": null,
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "associates brightstor san manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "associates brightstor san manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor process automation manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor enterprise backup for windows bit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6410.5"
      },
      {
        "_id": null,
        "model": "associates brightstor enterprise backup for tru64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "_id": null,
        "model": "associates brightstor enterprise backup for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "_id": null,
        "model": "associates brightstor enterprise backup for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "9.01"
      },
      {
        "_id": null,
        "model": "associates arcserve backup for laptops and desktops",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates arcserve backup for laptops and desktops",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "16354"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Erika Mendoza",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-3653",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2005-3653",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-14861",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2005-3653",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200512-713",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-14861",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field. \nThe attacker can trigger the vulnerability by supplying a negative HTTP Content-Length value and a large URI to the service. \nA successful attack can result in corrupting process memory and the execution of arbitrary code with SYSTEM privileges on Windows platforms. The vendor has reported that this issue triggers only a denial-of-service condition on other platforms. \nProducts containing iGateway 4.0.051230 are vulnerable to this issue. iTechnology is an integrated technology that provides standard Web service interfaces for third-party products. There is a heap overflow vulnerability in iTechnology\u0027s processing of HTTP request headers. iGateway service monitors standard HTTP or SSL communication on port 5250. The service does not properly handle negative HTTP Content-Length fields. iGateway parses the Content-length field value of the HTTP request and uses this value directly in the malloc() heap allocation call, so if a negative value is provided, the heap allocation call will return a small buffer. After the malloc() call, memcpy the provided URI to the allocated buffer and overwrite it to the heap. \n\nTITLE:\nCA Products iGateway Service Content-Length Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA18591\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18591/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nBrightStor ARCserve Backup 11.x\nhttp://secunia.com/product/312/\nBrightStor ARCserve Backup 11.x (for Windows)\nhttp://secunia.com/product/3099/\nBrightStor ARCserve Backup 9.x\nhttp://secunia.com/product/313/\nBrightStor ARCserve Backup for Laptops \u0026 Desktops 11.x\nhttp://secunia.com/product/5906/\nBrightStor Enterprise Backup 10.x\nhttp://secunia.com/product/314/\nBrightStor Process Automation Manager 11.x\nhttp://secunia.com/product/5908/\nBrightStor Storage Resource Manager 11.x\nhttp://secunia.com/product/5909/\nBrightStor Storage Resource Manager 6.x\nhttp://secunia.com/product/5910/\nCA Advantage Data Transformer 2.x\nhttp://secunia.com/product/5904/\nCA AllFusion Harvest Change Manager 7.x\nhttp://secunia.com/product/5905/\nCA BrightStor Portal 11.x\nhttp://secunia.com/product/5577/\nCA BrightStor SAN Manager 11.x\nhttp://secunia.com/product/5576/\nCA eTrust Admin 8.x\nhttp://secunia.com/product/5584/\nCA eTrust Audit 1.x\nhttp://secunia.com/product/5911/\nCA eTrust Audit 8.x\nhttp://secunia.com/product/5912/\nCA eTrust Identity Minder 8.x\nhttp://secunia.com/product/5913/\nCA Unicenter Service Fulfillment 2.x\nhttp://secunia.com/product/5942/\neTrust Secure Content Manager (SCM)\nhttp://secunia.com/product/3391/\n\nDESCRIPTION:\nErika Mendoza has reported a vulnerability in various CA products,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nThe vulnerability is caused due to a boundary error in the handling\nof HTTP data in the iGateway component. \n\nSOLUTION:\nUpdate the iGateway component to version 4.0.051230 or later. \nftp://ftp.ca.com/pub/iTech/downloads/\n\nPROVIDED AND/OR DISCOVERED BY:\nErika Mendoza\n\nORIGINAL ADVISORY:\nComputer Associates: \nhttp://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778\n\niDEFENSE:\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=376\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \nPlease see below for important changes to CAID 33778 (aka CVE-2005-3653;\nOSVDB 22688; X-Force 24269; SecurityTracker Alert ID 1015526). \nChangelog is near end of advisory. \n\nRegards,\nKen Williams\n\n\nTitle: CAID 33778 - CA iGateway Content-Length Buffer Overflow \nVulnerability [v1.1]\n\nCA Vulnerability ID: 33778\n\nCA Advisory Date: 2006-01-23\nUpdated Advisory [v1.1]: 2006-01-26\n\nDiscovered By: Erika Mendoza reported this issue to iDefense. \n\n\nMitigating Factors: None. \n\n\nSeverity: CA has given this vulnerability a Medium risk rating. \n\n\nAffected Technologies: Please note that the iGateway component is\nnot a product, but rather a common component that is included \nwith multiple products.  The iGateway component is included in \nthe following CA products, which are consequently potentially \nvulnerable. \n\n\nAffected Products:\n\nBrightStor ARCserve Backup r11.5\nBrightStor ARCserve Backup r11.1\nBrightStor ARCserve Backup for Windows r11\nBrightStor Enterprise Backup 10.5\nBrightStor ARCserve Backup v9.01\nBrightStor ARCserve Backup Laptop \u0026 Desktop r11.1\nBrightStor ARCserve Backup Laptop \u0026 Desktop r11\nBrightStor Process Automation Manager r11.1\nBrightStor SAN Manager r11.1\nBrightStor SAN Manager r11.5\nBrightStor Storage Resource Manager r11.5\nBrightStor Storage Resource Manager r11.1\nBrightStor Storage Resource Manager 6.4\nBrightStor Storage Resource Manager 6.3\nBrightStor Portal 11.1\n\nNote to BrightStor Storage Resource Manager and BrightStor Portal\nusers: In addition to the application servers where these products \nare installed, all hosts that have iSponsors deployed to them for \nmanaging applications like Veritas Volume Manager and Tivoli TSM \nare also affected by this vulnerability. \n\neTrust Products:\neTrust Audit 1.5 SP2 (iRecorders and ARIES)\neTrust Audit 1.5 SP3 (iRecorders and ARIES)\neTrust Audit 8.0 (iRecorders and ARIES)\neTrust Admin 8.1\neTrust Identity Minder 8.0\neTrust Secure Content Manager (SCM) R8\neTrust Integrated Threat Management (ITM) R8\neTrust Directory, R8.1 (Web Components Only)\n\nUnicenter Products:\nUnicenter CA Web Services Distributed Management R11\nUnicenter AutoSys JM R11\nUnicenter Management for WebLogic / Management for WebSphere R11\nUnicenter Service Delivery R11\nUnicenter Service Level Management (USLM) R11\nUnicenter Application Performance Monitor R11\nUnicenter Service Desk R11\nUnicenter Service Desk Knowledge Tools R11\nUnicenter Asset Portfolio Management R11\nUnicenter Service Metric Analysis R11\nUnicenter Service Catalog/Assure/Accounting R11\nUnicenter MQ Management R11\nUnicenter Application Server Management R11\nUnicenter Web Server Management R11\nUnicenter Exchange Management R11\n\n\nAffected platforms:\nAIX, HP-UX, Linux Intel, Solaris, and Windows\n\n\nStatus and Recommendation: \nCustomers with vulnerable versions of the iGateway component \nshould upgrade to the current version of iGateway (4.0.051230 or \nlater), which is available for download from the following \nlocations:\nhttp://supportconnect.ca.com/\nftp://ftp.ca.com/pub/iTech/downloads/\n\n\nDetermining the version of iGateway:\nTo determine the version numbers of the iGateway components:\n\nGo to the igateway directory:\n\nOn windows, this is %IGW_LOC%\nDefault path for v3.*: C:\\Program Files\\CA\\igateway\nDefault path for v4.*: \nC:\\Program Files\\CA\\SharedComponents\\iTechnology\n\nOn unix, \nDefault path for v3.*: \t/opt/CA/igateway\nDefault path for v4.*: \tthe install directory path is contained in \nopt/CA/SharedComponents/iTechnology.location. \nThe default path is /opt/CA/SharedComponents/iTechnology\n\nLook at the \u003cVersion\u003e element in igateway.conf. \n\nThe versions are affected by this vulnerability if you see \na value LESS THAN the following: \n\u003cVersion\u003e4.0.051230\u003c/Version\u003e  (note the format of v.s.YYMMDD)\n\n\nReferences: \n(note that URLs may wrap)\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nhttp://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_not\nice.asp\n\nCAID: 33778\nCAID Advisory link: \nhttp://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778\n\nCVE Reference: CVE-2005-3653\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3653\n\nOSVDB Reference: OSVDB-22688\nhttp://osvdb.org/22688\n\niDefense Reference:\nComputer Associates iTechnology iGateway Service Content-Length \nBuffer Overflow\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=376\n\n\nChangelog:\nv1.0 - Initial Release\nv1.1 - Removed several unaffected technologies; added more \nreference links. \n\n\nCustomers who require additional information should contact CA \nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory,\nplease send email to vuln@ca.com, or contact me directly. \n\nIf you discover a vulnerability in CA products, please report\nyour findings to vuln@ca.com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDir. of CA Vulnerability Research Team\n\n\nCA, One Computer Associates Plaza. Islandia, NY 11749\n\t\nContact http://www3.ca.com/contact/\nLegal Notice http://ca.com/calegal.htm\nPrivacy Policy http://www.ca.com/caprivacy.htm\nCopyright 2006 CA.  All rights reserved",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      },
      {
        "db": "BID",
        "id": "16354"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "PACKETSTORM",
        "id": "43303"
      },
      {
        "db": "PACKETSTORM",
        "id": "43468"
      }
    ],
    "trust": 1.44
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2005-3653",
        "trust": 2.1
      },
      {
        "db": "BID",
        "id": "16354",
        "trust": 2.0
      },
      {
        "db": "OSVDB",
        "id": "22688",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "18591",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1015526",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "380",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-0311",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-14861",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "43303",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "43468",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "BID",
        "id": "16354"
      },
      {
        "db": "PACKETSTORM",
        "id": "43303"
      },
      {
        "db": "PACKETSTORM",
        "id": "43468"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "id": "VAR-200512-0273",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:13:30.158000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "CA iTechnology iGateway Service negative Content-Length Repair measures for field value buffer error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146825"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
      },
      {
        "trust": 1.9,
        "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/16354"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/22688"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1015526"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/18591"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/380"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2006/0311"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.ca.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/423403"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/423288"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=full-disclosure\u0026amp;m=113803349715927\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/314/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5912/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3099/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3391/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5913/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5576/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5577/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5911/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5906/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5904/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5905/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/18591/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5908/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5584/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5909/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5942/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5910/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/313/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/312/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3653"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com."
      },
      {
        "trust": 0.1,
        "url": "http://ca.com/calegal.htm"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/caprivacy.htm"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_not"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/22688"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www3.ca.com/contact/"
      },
      {
        "trust": 0.1,
        "url": "http://www3.ca.com/securityadvisor/vulninfo/submit.aspx"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "BID",
        "id": "16354"
      },
      {
        "db": "PACKETSTORM",
        "id": "43303"
      },
      {
        "db": "PACKETSTORM",
        "id": "43468"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-14861",
        "ident": null
      },
      {
        "db": "BID",
        "id": "16354",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "43303",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "43468",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2005-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14861",
        "ident": null
      },
      {
        "date": "2006-01-23T00:00:00",
        "db": "BID",
        "id": "16354",
        "ident": null
      },
      {
        "date": "2006-01-25T06:44:12",
        "db": "PACKETSTORM",
        "id": "43303",
        "ident": null
      },
      {
        "date": "2006-01-29T22:15:05",
        "db": "PACKETSTORM",
        "id": "43468",
        "ident": null
      },
      {
        "date": "2005-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-713",
        "ident": null
      },
      {
        "date": "2005-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2005-3653",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14861",
        "ident": null
      },
      {
        "date": "2007-06-27T19:38:00",
        "db": "BID",
        "id": "16354",
        "ident": null
      },
      {
        "date": "2021-04-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-713",
        "ident": null
      },
      {
        "date": "2024-11-21T00:02:21.310000",
        "db": "NVD",
        "id": "CVE-2005-3653",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "CA iTechnology iGateway Service negative Content-Length Field value buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2005-3653

Vulnerability from fkie_nvd

Published

2005-12-31 05:00

Modified

2024-11-21 00:02

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://marc.info/?l=full-disclosure&m=113803349715927&w=2
cve@mitre.org	http://secunia.com/advisories/18591	Patch, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/380
cve@mitre.org	http://securitytracker.com/id?1015526	Patch
cve@mitre.org	http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp	Patch, Vendor Advisory
cve@mitre.org	http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/22688	Patch
cve@mitre.org	http://www.securityfocus.com/archive/1/423288/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/423403/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/16354	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/0311	Vendor Advisory
cve@mitre.org	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/24269
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=full-disclosure&m=113803349715927&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18591	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/380
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015526	Patch
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/22688	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/423288/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/423403/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16354	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/0311	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/24269

Impacted products

Vendor	Product	Version
broadcom	brightstor_arcserve_backup	9.01
broadcom	brightstor_arcserve_backup	11.1
broadcom	brightstor_arcserve_backup	11.5
broadcom	brightstor_arcserve_backup_laptops_desktops	11.0
broadcom	brightstor_arcserve_backup_laptops_desktops	11.1
broadcom	brightstor_portal	11.1
broadcom	brightstor_process_automation_manager	11.1
broadcom	brightstor_san_manager	11.1
broadcom	brightstor_san_manager	11.5
broadcom	brightstor_storage_resource_manager	6.3
broadcom	brightstor_storage_resource_manager	6.4
broadcom	brightstor_storage_resource_manager	11.1
broadcom	brightstor_storage_resource_manager	11.5
broadcom	etrust_admin	8.1
broadcom	etrust_audit_aries	8.0
broadcom	etrust_audit_irecorder	1.5
broadcom	etrust_audit_irecorder	1.5
broadcom	etrust_audit_irecorder	8.0
broadcom	etrust_identity_minder	8.0
broadcom	etrust_integrated_threat_management	8.0
broadcom	itechnology_igateway	*
broadcom	unicenter_asset_portfolio_management	11.0
broadcom	unicenter_autosys_jm	11.0
broadcom	unicenter_service_delivery	11.0
broadcom	unicenter_service_desk	11.0
broadcom	unicenter_service_desk_knowledge_tools	11.0
broadcom	unicenter_service_fulfillment	2.2
broadcom	unicenter_service_metric_analysis	11.0
ca	brightstor_arcserve_backup	11
ca	brightstor_enterprise_backup	10.0
ca	brightstor_enterprise_backup	10.5
ca	brightstor_enterprise_backup	10.5
ca	brightstor_enterprise_backup	10.5
ca	etrust_audit_aries	1.5
ca	etrust_audit_aries	1.5
ca	etrust_directory	8.1_web_components
ca	etrust_secure_content_manager	8.0
ca	unicenter_application_performance_monitor	11.0
ca	unicenter_application_server_managment	11.0
ca	unicenter_ca_web_services_distributed_management	11.0
ca	unicenter_exchange_management_console	11.0
ca	unicenter_management	3.5
ca	unicenter_management	11.0
ca	unicenter_management	11.0
ca	unicenter_service_catalog_fulfillment_accounting	11.0
ca	unicenter_service_fulfillment	11.0
ca	unicenter_service_level_management	11.0
ca	unicenter_web_server_management	11.0
ca	unicenter_web_services_distributed_management	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB993B2-9A44-40E2-AA05-0CAD04BDC26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7461AE5-2067-4964-93B7-560CD02CEAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_portal:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F206D15-FF0D-400E-9727-5DA6C07B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_process_automation_manager:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD04989D-D045-4693-87DA-16754D9BF644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_san_manager:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA67A49C-688A-4B6E-8B90-BEC937FCEE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_san_manager:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD847AD-8AD1-40C1-9582-CC234D900CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D35A8A-BB31-4FC6-8031-D93FE7347A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7384B78-1F35-4DB4-A128-EBE33FD70C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3F5A1F3-EEE3-4187-9F44-545EB21EF121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "152FDE32-0525-4F1E-9BD5-A3EB47644B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08594EFB-E04B-42E8-BE00-C3ACDB62BA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_audit_aries:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBBF77AF-542C-49E8-8F5A-1C0DB73F2DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_audit_irecorder:1.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "6829D317-1AB6-471B-9CE4-563C4FFB290D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_audit_irecorder:1.5:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "571D4793-63EE-4A9D-991B-0F92842BDF58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_audit_irecorder:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F182A43-4999-441D-9B37-093E033BAADC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_identity_minder:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DF2F1AC-CF62-47CE-96B3-08CE412A7D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_integrated_threat_management:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "045F1ADA-E9D1-4C8B-9275-040939E73A6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:itechnology_igateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA60254A-F0BE-4E53-9D04-C3F4D80E662D",
              "versionEndIncluding": "4.0.050615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_asset_portfolio_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3358719-780A-41E1-A09A-7C27C921D6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_autosys_jm:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "388A5565-442B-441C-B727-586B23FE8540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_delivery:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "137A1E55-CDF0-49FF-9A63-5FB44BA9FC40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_desk:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2247ED3-2CF1-49A5-9456-F51164A1D220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_desk_knowledge_tools:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3046725F-B0C5-4625-AE5D-8B6C7DC9A085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_fulfillment:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF7FADA4-429F-4658-A47C-DCB13D6ED903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_metric_analysis:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "607CA384-B71B-460F-ACCF-ACCBC9C17FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
              "matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.0:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "15862D0F-90C0-46A3-8457-B1FD8877CC74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "196FFF4A-1976-477B-927F-82A3CBECA530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:tru64:*:*:*:*:*",
              "matchCriteriaId": "5DC10E01-4694-4699-9C8D-328627F515D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:windows_64-bit:*:*:*:*:*",
              "matchCriteriaId": "2C3C45FE-C057-4DF2-8D68-892C9DD47ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:etrust_audit_aries:1.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "473DC00E-B779-4CB4-A165-DE2954F225C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:etrust_audit_aries:1.5:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A7A0ED34-94B3-447E-8CF2-8439FAF05894",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:etrust_directory:8.1_web_components:*:*:*:*:*:*:*",
              "matchCriteriaId": "F148F27B-50D6-4C29-BC9D-1E11B783808D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_application_performance_monitor:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96C5D628-2CBB-4ED1-B7C1-C2ABE6A8E2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_application_server_managment:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54A75987-8E51-4D25-965D-343E8F07BC25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_ca_web_services_distributed_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48726411-E052-4F4A-9EAC-7616059E3599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_exchange_management_console:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1ADE61A-3096-4079-B586-00B977B5E523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_management:3.5:*:websphere_mq:*:*:*:*:*",
              "matchCriteriaId": "0FE2A55B-A89D-470E-8E9E-4B1B0FB1C4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_management:11.0:*:weblogic:*:*:*:*:*",
              "matchCriteriaId": "07E5BAC2-FF02-4ADC-9939-AE93B60E53E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_management:11.0:*:websphere:*:*:*:*:*",
              "matchCriteriaId": "DBB1EA1F-57BA-4850-B5C2-6900A1DE80CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_service_catalog_fulfillment_accounting:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8045AE85-40C1-4122-B073-8579E84B88D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_service_fulfillment:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8DB1604-AFCB-4D37-9665-9725119570F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_service_level_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF170A77-7B4D-4B0F-BA7C-05773E03DFE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_web_server_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11364903-CA67-499C-9BE8-36B01FD7E7A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_web_services_distributed_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DFAC82-1835-49EE-AE88-BFFFD2D6C2B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field."
    }
  ],
  "id": "CVE-2005-3653",
  "lastModified": "2024-11-21T00:02:21.310",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18591"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/380"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015526"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/22688"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16354"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0311"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015526"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/22688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2005-3653

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2005-3653

Aliases

CVE-2005-3653

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-3653",
    "description": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.",
    "id": "GSD-2005-3653"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-3653"
      ],
      "details": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.",
      "id": "GSD-2005-3653",
      "modified": "2023-12-13T01:20:12.374420Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-3653",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1015526",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015526"
          },
          {
            "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
          },
          {
            "name": "22688",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/22688"
          },
          {
            "name": "18591",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18591"
          },
          {
            "name": "16354",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/16354"
          },
          {
            "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778",
            "refsource": "CONFIRM",
            "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
          },
          {
            "name": "380",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/380"
          },
          {
            "name": "ca-igateway-contentlength-bo(24269)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
          },
          {
            "name": "ADV-2006-0311",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/0311"
          },
          {
            "name": "20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
          },
          {
            "name": "20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow",
            "refsource": "IDEFENSE",
            "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
          },
          {
            "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
          },
          {
            "name": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp",
            "refsource": "CONFIRM",
            "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:windows_64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_portal:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:etrust_directory:8.1_web_components:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_identity_minder:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_exchange_management_console:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_management:11.0:*:weblogic:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_service_fulfillment:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_fulfillment:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_san_manager:11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_aries:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_irecorder:1.5:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_application_performance_monitor:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_application_server_managment:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_asset_portfolio_management:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_service_catalog_fulfillment_accounting:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_delivery:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_web_server_management:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_web_services_distributed_management:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.0:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:tru64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_irecorder:1.5:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_irecorder:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_autosys_jm:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_ca_web_services_distributed_management:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_desk:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_desk_knowledge_tools:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:itechnology_igateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.050615",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_process_automation_manager:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_san_manager:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:etrust_audit_aries:1.5:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:etrust_audit_aries:1.5:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_integrated_threat_management:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_management:11.0:*:websphere:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_management:3.5:*:websphere_mq:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:unicenter_service_level_management:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_metric_analysis:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3653"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow",
              "refsource": "IDEFENSE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
            },
            {
              "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
            },
            {
              "name": "22688",
              "refsource": "OSVDB",
              "tags": [
                "Patch"
              ],
              "url": "http://www.osvdb.org/22688"
            },
            {
              "name": "16354",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/16354"
            },
            {
              "name": "1015526",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1015526"
            },
            {
              "name": "18591",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18591"
            },
            {
              "name": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
            },
            {
              "name": "380",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/380"
            },
            {
              "name": "ADV-2006-0311",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0311"
            },
            {
              "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
            },
            {
              "name": "ca-igateway-contentlength-bo(24269)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
            },
            {
              "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
            },
            {
              "name": "20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-04-14T15:41Z",
      "publishedDate": "2005-12-31T05:00Z"
    }
  }
}

ghsa-pqwm-v5fq-x4gm

Vulnerability from github

Published

2022-05-01 02:19

Modified

2022-05-01 02:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-3653"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-12-31T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.",
  "id": "GHSA-pqwm-v5fq-x4gm",
  "modified": "2022-05-01T02:19:46Z",
  "published": "2022-05-01T02:19:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3653"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18591"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/380"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015526"
    },
    {
      "type": "WEB",
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
    },
    {
      "type": "WEB",
      "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/22688"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/16354"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0311"
    },
    {
      "type": "WEB",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2005-3653

Vulnerability from cvelistv5

var-200512-0273

Vulnerability from variot

fkie_cve-2005-3653

Vulnerability from fkie_nvd

gsd-2005-3653

Vulnerability from gsd

ghsa-pqwm-v5fq-x4gm

Vulnerability from github

Tags

Sightings

Nomenclature