Vulnerability Details: CVE-2005-3190
Public exploit exists!
Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2005-3190
Probability of exploitation activity in the next 30 days: 61.69%
Percentile, the proportion of vulnerabilities that are scored at or less: ~97%
Metasploit modules for CVE-2005-3190
- CA iTechnology iGateway Debug Mode Buffer Overflow
  Disclosure Date: 2005-10-06
  First seen: 2020-04-26
  exploit/windows/http/ca_igateway_debug
  This module exploits a vulnerability in the Computer Associates iTechnology iGateway component. When <Debug>True</Debug> is enabled in igateway.conf (non-default), it is possible to overwrite the stack and execute code remotely. This module works best with Ordinal
CVSS scores for CVE-2005-3190
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
References for CVE-2005-3190
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0349.html
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0418.html
- http://www.securityfocus.com/bid/15025
  Computer Associates Multiple Product HTTP Request Remote Buffer Overflow Vulnerability
- http://securitytracker.com/id?1015045
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485
  Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22560
- http://securityreason.com/securityalert/86
Products affected by CVE-2005-3190
- cpe:2.3:a:broadcom:igateway:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:igateway:4.0:*:*:*:*:*:*:*