CVE-2005-3190

Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html
http://secunia.com/advisories/17085
http://securityreason.com/securityalert/86
http://securitytracker.com/id?1015045
http://www.osvdb.org/19920
http://www.securityfocus.com/bid/15025
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/22560

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:broadcom:igateway:3.0:::::::*
	cpe:2.3:a:broadcom:igateway:4.0:::::::*

History

No history.

Information

Published : 2005-10-13 22:02

Updated : 2021-04-09 16:56

NVD link : CVE-2005-3190

Mitre link : CVE-2005-3190

CVE.ORG link : CVE-2005-3190

JSON object : View

Products Affected

broadcom

igateway

CWE

NVD-CWE-Other

{"id": "CVE-2005-3190", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-10-13T22:02:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17085", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/86", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015045", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/19920", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/15025", "source": "cve@mitre.org"}, {"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22560", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests."}], "lastModified": "2021-04-09T16:56:08.623", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:igateway:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE4F8E1B-D85A-42E4-83CE-4BBC365D17E7"}, {"criteria": "cpe:2.3:a:broadcom:igateway:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1120BAF3-910D-4928-80BB-25FB1F87B671"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}