All the vulnerabilites related to ca - unicenter_web_services_distributed_management
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:02
Severity ?
Summary
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
References
cve@mitre.orghttp://marc.info/?l=full-disclosure&m=113803349715927&w=2
cve@mitre.orghttp://secunia.com/advisories/18591Patch, Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/380
cve@mitre.orghttp://securitytracker.com/id?1015526Patch
cve@mitre.orghttp://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.aspPatch, Vendor Advisory
cve@mitre.orghttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=376Patch, Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/22688Patch
cve@mitre.orghttp://www.securityfocus.com/archive/1/423288/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/423403/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/16354Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/0311Vendor Advisory
cve@mitre.orghttp://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/24269
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=full-disclosure&m=113803349715927&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18591Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/380
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015526Patch
af854a3a-2127-422b-91ae-364da2661108http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.aspPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/22688Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/423288/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/423403/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/16354Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/0311Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/24269
Impacted products
Vendor Product Version
broadcom brightstor_arcserve_backup 9.01
broadcom brightstor_arcserve_backup 11.1
broadcom brightstor_arcserve_backup 11.5
broadcom brightstor_arcserve_backup_laptops_desktops 11.0
broadcom brightstor_arcserve_backup_laptops_desktops 11.1
broadcom brightstor_portal 11.1
broadcom brightstor_process_automation_manager 11.1
broadcom brightstor_san_manager 11.1
broadcom brightstor_san_manager 11.5
broadcom brightstor_storage_resource_manager 6.3
broadcom brightstor_storage_resource_manager 6.4
broadcom brightstor_storage_resource_manager 11.1
broadcom brightstor_storage_resource_manager 11.5
broadcom etrust_admin 8.1
broadcom etrust_audit_aries 8.0
broadcom etrust_audit_irecorder 1.5
broadcom etrust_audit_irecorder 1.5
broadcom etrust_audit_irecorder 8.0
broadcom etrust_identity_minder 8.0
broadcom etrust_integrated_threat_management 8.0
broadcom itechnology_igateway *
broadcom unicenter_asset_portfolio_management 11.0
broadcom unicenter_autosys_jm 11.0
broadcom unicenter_service_delivery 11.0
broadcom unicenter_service_desk 11.0
broadcom unicenter_service_desk_knowledge_tools 11.0
broadcom unicenter_service_fulfillment 2.2
broadcom unicenter_service_metric_analysis 11.0
ca brightstor_arcserve_backup 11
ca brightstor_enterprise_backup 10.0
ca brightstor_enterprise_backup 10.5
ca brightstor_enterprise_backup 10.5
ca brightstor_enterprise_backup 10.5
ca etrust_audit_aries 1.5
ca etrust_audit_aries 1.5
ca etrust_directory 8.1_web_components
ca etrust_secure_content_manager 8.0
ca unicenter_application_performance_monitor 11.0
ca unicenter_application_server_managment 11.0
ca unicenter_ca_web_services_distributed_management 11.0
ca unicenter_exchange_management_console 11.0
ca unicenter_management 3.5
ca unicenter_management 11.0
ca unicenter_management 11.0
ca unicenter_service_catalog_fulfillment_accounting 11.0
ca unicenter_service_fulfillment 11.0
ca unicenter_service_level_management 11.0
ca unicenter_web_server_management 11.0
ca unicenter_web_services_distributed_management 11.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB993B2-9A44-40E2-AA05-0CAD04BDC26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7461AE5-2067-4964-93B7-560CD02CEAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_portal:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F206D15-FF0D-400E-9727-5DA6C07B57EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_process_automation_manager:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD04989D-D045-4693-87DA-16754D9BF644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_san_manager:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA67A49C-688A-4B6E-8B90-BEC937FCEE20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_san_manager:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD847AD-8AD1-40C1-9582-CC234D900CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D35A8A-BB31-4FC6-8031-D93FE7347A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7384B78-1F35-4DB4-A128-EBE33FD70C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3F5A1F3-EEE3-4187-9F44-545EB21EF121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_storage_resource_manager:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "152FDE32-0525-4F1E-9BD5-A3EB47644B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08594EFB-E04B-42E8-BE00-C3ACDB62BA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_audit_aries:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBBF77AF-542C-49E8-8F5A-1C0DB73F2DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_audit_irecorder:1.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "6829D317-1AB6-471B-9CE4-563C4FFB290D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_audit_irecorder:1.5:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "571D4793-63EE-4A9D-991B-0F92842BDF58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_audit_irecorder:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F182A43-4999-441D-9B37-093E033BAADC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_identity_minder:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DF2F1AC-CF62-47CE-96B3-08CE412A7D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_integrated_threat_management:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "045F1ADA-E9D1-4C8B-9275-040939E73A6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:itechnology_igateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA60254A-F0BE-4E53-9D04-C3F4D80E662D",
              "versionEndIncluding": "4.0.050615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_asset_portfolio_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3358719-780A-41E1-A09A-7C27C921D6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_autosys_jm:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "388A5565-442B-441C-B727-586B23FE8540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_delivery:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "137A1E55-CDF0-49FF-9A63-5FB44BA9FC40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_desk:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2247ED3-2CF1-49A5-9456-F51164A1D220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_desk_knowledge_tools:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3046725F-B0C5-4625-AE5D-8B6C7DC9A085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_fulfillment:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF7FADA4-429F-4658-A47C-DCB13D6ED903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_service_metric_analysis:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "607CA384-B71B-460F-ACCF-ACCBC9C17FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
              "matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.0:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "15862D0F-90C0-46A3-8457-B1FD8877CC74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "196FFF4A-1976-477B-927F-82A3CBECA530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:tru64:*:*:*:*:*",
              "matchCriteriaId": "5DC10E01-4694-4699-9C8D-328627F515D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:windows_64-bit:*:*:*:*:*",
              "matchCriteriaId": "2C3C45FE-C057-4DF2-8D68-892C9DD47ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:etrust_audit_aries:1.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "473DC00E-B779-4CB4-A165-DE2954F225C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:etrust_audit_aries:1.5:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A7A0ED34-94B3-447E-8CF2-8439FAF05894",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:etrust_directory:8.1_web_components:*:*:*:*:*:*:*",
              "matchCriteriaId": "F148F27B-50D6-4C29-BC9D-1E11B783808D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_application_performance_monitor:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96C5D628-2CBB-4ED1-B7C1-C2ABE6A8E2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_application_server_managment:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54A75987-8E51-4D25-965D-343E8F07BC25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_ca_web_services_distributed_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48726411-E052-4F4A-9EAC-7616059E3599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_exchange_management_console:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1ADE61A-3096-4079-B586-00B977B5E523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_management:3.5:*:websphere_mq:*:*:*:*:*",
              "matchCriteriaId": "0FE2A55B-A89D-470E-8E9E-4B1B0FB1C4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_management:11.0:*:weblogic:*:*:*:*:*",
              "matchCriteriaId": "07E5BAC2-FF02-4ADC-9939-AE93B60E53E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_management:11.0:*:websphere:*:*:*:*:*",
              "matchCriteriaId": "DBB1EA1F-57BA-4850-B5C2-6900A1DE80CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_service_catalog_fulfillment_accounting:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8045AE85-40C1-4122-B073-8579E84B88D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_service_fulfillment:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8DB1604-AFCB-4D37-9665-9725119570F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_service_level_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF170A77-7B4D-4B0F-BA7C-05773E03DFE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_web_server_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11364903-CA67-499C-9BE8-36B01FD7E7A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:unicenter_web_services_distributed_management:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DFAC82-1835-49EE-AE88-BFFFD2D6C2B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field."
    }
  ],
  "id": "CVE-2005-3653",
  "lastModified": "2024-11-21T00:02:21.310",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18591"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/380"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015526"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/22688"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16354"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0311"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015526"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/22688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
References
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
cve@mitre.orghttp://secunia.com/advisories/12703Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22229Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1011545
cve@mitre.orghttp://securitytracker.com/id?1016975
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21178665Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/10490
cve@mitre.orghttp://www.securityfocus.com/archive/1/447648/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/11330
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3873Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17600
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/12703Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22229Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1011545
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016975
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21178665Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/10490
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/447648/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11330
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3873Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17600
Impacted products
Vendor Product Version
ca unicenter_web_services_distributed_management *
ibm trading_partner_interchange *
ibm trading_partner_interchange 4.2.1
jetty jetty_http_server 3.1.6
jetty jetty_http_server 3.1.7
jetty jetty_http_server 4.1.0
jetty jetty_http_server 4.1.0_rc4
jetty jetty_http_server 4.1.1
jetty jetty_http_server 4.2.4
jetty jetty_http_server 4.2.5
jetty jetty_http_server 4.2.6
jetty jetty_http_server 4.2.7
jetty jetty_http_server 4.2.9
jetty jetty_http_server 4.2.11
jetty jetty_http_server 4.2.12
jetty jetty_http_server 4.2.14
jetty jetty_http_server 4.2.15
jetty jetty_http_server 4.2.16
jetty jetty_http_server 4.2.17
jetty jetty_http_server 4.2.18
jetty jetty_http_server 4.2.19


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ca:unicenter_web_services_distributed_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D5271C-F4AD-4D74-9B7B-A1CC7F9DA2CF",
              "versionEndIncluding": "3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:trading_partner_interchange:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69DF396D-2180-44BD-919E-AC0ADF54DC15",
              "versionEndIncluding": "4.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:trading_partner_interchange:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCCD0E32-F57D-4D53-8537-29831AAF505A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADF8838-B5E7-4C17-9F76-C38D044A3AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99ECB27E-6852-4EEA-9C1B-0B84FC1202C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85E64C7C-84FA-4AF0-ADA3-3708DADF35C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD27A440-D06A-47D5-97FF-4B56EDD3E8B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "35508567-7C83-4C4B-961B-1BE9B8F3D1D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C276FEC9-68B0-46BC-92A0-65C3B8401FD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D01183-FC99-4FD3-965B-38B1FC39048F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3154BBA-DF19-458F-B8D0-CFCAC7DB366A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "512BF3AF-4013-48E7-9546-5052CFBF0B11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FD2684-87CF-4B4D-B3D1-7DE43609D2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B82462AC-665D-41C0-B198-AA52784DF4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B21ED45-9C48-4547-BDCE-7EB12B03AAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA62A170-2544-4D3D-8E22-21F35D2E9944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F5EF68-A6FC-4FD7-8C36-4A8623C60622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "858FCD10-5B40-4EA8-BA16-081EFC734695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A293F8-45D0-46F3-93C3-A09542628FE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
    }
  ],
  "id": "CVE-2004-2478",
  "lastModified": "2024-11-20T23:53:27.297",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12703"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22229"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1011545"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016975"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/10490"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11330"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3873"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1011545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/10490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2004-2478
Vulnerability from cvelistv5
Published
2005-08-21 04:00
Modified
2024-08-08 01:29
Severity ?
Summary
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
References
http://secunia.com/advisories/12703third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3873vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/11330vdb-entry, x_refsource_BID
http://www-1.ibm.com/support/docview.wss?uid=swg21178665x_refsource_MISC
http://secunia.com/advisories/22229third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016975vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/447648/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.htmlmailing-list, x_refsource_FULLDISC
http://securitytracker.com/id?1011545vdb-entry, x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/17600vdb-entry, x_refsource_XF
http://www.osvdb.org/10490vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:29:13.893Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "12703",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12703"
          },
          {
            "name": "ADV-2006-3873",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3873"
          },
          {
            "name": "11330",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11330"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
          },
          {
            "name": "22229",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22229"
          },
          {
            "name": "1016975",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016975"
          },
          {
            "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
          },
          {
            "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
          },
          {
            "name": "1011545",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1011545"
          },
          {
            "name": "trading-partner-gain-access(17600)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
          },
          {
            "name": "10490",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/10490"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "12703",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12703"
        },
        {
          "name": "ADV-2006-3873",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3873"
        },
        {
          "name": "11330",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11330"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
        },
        {
          "name": "22229",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22229"
        },
        {
          "name": "1016975",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016975"
        },
        {
          "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
        },
        {
          "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
        },
        {
          "name": "1011545",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1011545"
        },
        {
          "name": "trading-partner-gain-access(17600)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
        },
        {
          "name": "10490",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/10490"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2478",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "12703",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12703"
            },
            {
              "name": "ADV-2006-3873",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3873"
            },
            {
              "name": "11330",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11330"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665",
              "refsource": "MISC",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21178665"
            },
            {
              "name": "22229",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22229"
            },
            {
              "name": "1016975",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016975"
            },
            {
              "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447648/100/0/threaded"
            },
            {
              "name": "20061003 [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html"
            },
            {
              "name": "1011545",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1011545"
            },
            {
              "name": "trading-partner-gain-access(17600)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17600"
            },
            {
              "name": "10490",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/10490"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2478",
    "datePublished": "2005-08-21T04:00:00",
    "dateReserved": "2005-08-21T00:00:00",
    "dateUpdated": "2024-08-08T01:29:13.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-3653
Vulnerability from cvelistv5
Published
2006-01-23 20:00
Modified
2024-08-07 23:17
Severity ?
Summary
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
References
http://securitytracker.com/id?1015526vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=full-disclosure&m=113803349715927&w=2mailing-list, x_refsource_FULLDISC
http://www.osvdb.org/22688vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/18591third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/16354vdb-entry, x_refsource_BID
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778x_refsource_CONFIRM
http://securityreason.com/securityalert/380third-party-advisory, x_refsource_SREASON
https://exchange.xforce.ibmcloud.com/vulnerabilities/24269vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2006/0311vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/423288/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376third-party-advisory, x_refsource_IDEFENSE
http://www.securityfocus.com/archive/1/423403/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.aspx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:17:23.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1015526",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015526"
          },
          {
            "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
          },
          {
            "name": "22688",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22688"
          },
          {
            "name": "18591",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18591"
          },
          {
            "name": "16354",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16354"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
          },
          {
            "name": "380",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/380"
          },
          {
            "name": "ca-igateway-contentlength-bo(24269)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
          },
          {
            "name": "ADV-2006-0311",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0311"
          },
          {
            "name": "20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
          },
          {
            "name": "20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
          },
          {
            "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1015526",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015526"
        },
        {
          "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
        },
        {
          "name": "22688",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22688"
        },
        {
          "name": "18591",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18591"
        },
        {
          "name": "16354",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16354"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
        },
        {
          "name": "380",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/380"
        },
        {
          "name": "ca-igateway-contentlength-bo(24269)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
        },
        {
          "name": "ADV-2006-0311",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0311"
        },
        {
          "name": "20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
        },
        {
          "name": "20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
        },
        {
          "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3653",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1015526",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015526"
            },
            {
              "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
            },
            {
              "name": "22688",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22688"
            },
            {
              "name": "18591",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18591"
            },
            {
              "name": "16354",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16354"
            },
            {
              "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778",
              "refsource": "CONFIRM",
              "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
            },
            {
              "name": "380",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/380"
            },
            {
              "name": "ca-igateway-contentlength-bo(24269)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
            },
            {
              "name": "ADV-2006-0311",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0311"
            },
            {
              "name": "20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
            },
            {
              "name": "20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow",
              "refsource": "IDEFENSE",
              "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
            },
            {
              "name": "20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
            },
            {
              "name": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3653",
    "datePublished": "2006-01-23T20:00:00",
    "dateReserved": "2005-11-18T00:00:00",
    "dateUpdated": "2024-08-07T23:17:23.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}