CVE-2008-2541 : Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0

Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command.

Published 2008-06-04 20:32:00

Updated 2018-10-11 20:41:48

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2008-2541

Probability of exploitation activity in the next 30 days: 27.72%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-2541

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-2541

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-2541

Products affected by CVE-2008-2541

CA » Etrust Secure Content Manager » Version: 8.0
cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2008-2541

Exploit prediction scoring system (EPSS) score for CVE-2008-2541

CVSS scores for CVE-2008-2541

CWE ids for CVE-2008-2541

References for CVE-2008-2541

Products affected by CVE-2008-2541