CVE-2005-3653

Summary

CVE	CVE-2005-3653
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-12-31 05:00:00 UTC
Updated	2025-04-03 01:03:51 UTC
Description	Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.

Risk And Classification

Primary CVSS: v2.0 10 from [email protected]

AV:N/AC:L/Au:N/C:C/I:C/A:C

Problem Types: CWE-119 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Broadcom	Brightstor Arcserve Backup	11.1	All	All	All
Application	Broadcom	Brightstor Arcserve Backup	11.5	All	All	All
Application	Broadcom	Brightstor Arcserve Backup	9.01	All	All	All
Application	Broadcom	Brightstor Arcserve Backup Laptops Desktops	11.0	All	All	All
Application	Broadcom	Brightstor Arcserve Backup Laptops Desktops	11.1	All	All	All
Application	Broadcom	Brightstor Portal	11.1	All	All	All
Application	Broadcom	Brightstor Process Automation Manager	11.1	All	All	All
Application	Broadcom	Brightstor San Manager	11.1	All	All	All
Application	Broadcom	Brightstor San Manager	11.5	All	All	All
Application	Broadcom	Brightstor Storage Resource Manager	11.1	All	All	All
Application	Broadcom	Brightstor Storage Resource Manager	11.5	All	All	All
Application	Broadcom	Brightstor Storage Resource Manager	6.3	All	All	All
Application	Broadcom	Brightstor Storage Resource Manager	6.4	All	All	All
Application	Broadcom	Etrust Admin	8.1	All	All	All
Application	Broadcom	Etrust Audit Aries	8.0	All	All	All
Application	Broadcom	Etrust Audit Irecorder	1.5	sp2	All	All
Application	Broadcom	Etrust Audit Irecorder	1.5	sp3	All	All
Application	Broadcom	Etrust Audit Irecorder	8.0	All	All	All
Application	Broadcom	Etrust Identity Minder	8.0	All	All	All
Application	Broadcom	Etrust Integrated Threat Management	8.0	All	All	All
Application	Broadcom	Itechnology Igateway	All	All	All	All
Application	Broadcom	Unicenter Asset Portfolio Management	11.0	All	All	All
Application	Broadcom	Unicenter Autosys Jm	11.0	All	All	All
Application	Broadcom	Unicenter Service Delivery	11.0	All	All	All
Application	Broadcom	Unicenter Service Desk	11.0	All	All	All
Application	Broadcom	Unicenter Service Desk Knowledge Tools	11.0	All	All	All
Application	Broadcom	Unicenter Service Fulfillment	2.2	All	All	All
Application	Broadcom	Unicenter Service Metric Analysis	11.0	All	All	All
Application	Ca	Brightstor Arcserve Backup	11	All	windows	All
Application	Ca	Brightstor Enterprise Backup	10.0	All	solaris	All
Application	Ca	Brightstor Enterprise Backup	10.5	All	solaris	All
Application	Ca	Brightstor Enterprise Backup	10.5	All	tru64	All
Application	Ca	Brightstor Enterprise Backup	10.5	All	windows_64-bit	All
Application	Ca	Etrust Audit Aries	1.5	sp2	All	All
Application	Ca	Etrust Audit Aries	1.5	sp3	All	All
Application	Ca	Etrust Directory	8.1_web_components	All	All	All
Application	Ca	Etrust Secure Content Manager	8.0	All	All	All
Application	Ca	Unicenter Application Performance Monitor	11.0	All	All	All
Application	Ca	Unicenter Application Server Managment	11.0	All	All	All
Application	Ca	Unicenter Ca Web Services Distributed Management	11.0	All	All	All
Application	Ca	Unicenter Exchange Management Console	11.0	All	All	All
Application	Ca	Unicenter Management	11.0	All	weblogic	All
Application	Ca	Unicenter Management	11.0	All	websphere	All
Application	Ca	Unicenter Management	3.5	All	websphere_mq	All
Application	Ca	Unicenter Service Catalog Fulfillment Accounting	11.0	All	All	All
Application	Ca	Unicenter Service Fulfillment	11.0	All	All	All
Application	Ca	Unicenter Service Level Management	11.0	All	All	All
Application	Ca	Unicenter Web Server Management	11.0	All	All	All
Application	Ca	Unicenter Web Services Distributed Management	11.0	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Secunia - Advisories - CA Products iGateway Service Content-Length Buffer Overflow	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Patch, Vendor Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Vendor Advisory
'[Full-disclosure] CAID 33778 - CA iGateway Content-Length Buffer' - MARC	af854a3a-2127-422b-91ae-364da2661108	marc.info
www.osvdb.org/22688	af854a3a-2127-422b-91ae-364da2661108	www.osvdb.org	Patch
SecurityTracker.com Archives - Computer Associates Content-Length Buffer Overflow in iGateway Lets Remote Users Execute Arbitrary Code	af854a3a-2127-422b-91ae-364da2661108	securitytracker.com	Patch
CA iTechnology iGateway service HTTP Content-Length buffer overflow vulnerability	af854a3a-2127-422b-91ae-364da2661108	www3.ca.com
SecurityReason	af854a3a-2127-422b-91ae-364da2661108	securityreason.com
Computer Associates iTechnology iGateway Service Content-Length Heap Overflow Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Patch
Current Intelligence // Advisory: 01.23.06 // iDefense, A VeriSign Company	af854a3a-2127-422b-91ae-364da2661108	www.idefense.com	Patch, Vendor Advisory
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
SupportConnect - Important Security Notice for CA iGateway (Buffer Overrun)	af854a3a-2127-422b-91ae-364da2661108	supportconnectw.ca.com	Patch, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.