Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.
https://exchange.xforce.ibmcloud.com/vulnerabilities/7652
http://www.valicert.com/support/security_advisory_eva.html
http://www.securityfocus.com/bid/3636
http://www.securityfocus.com/bid/3635
http://www.securityfocus.com/bid/3634
http://www.securityfocus.com/bid/3633
http://www.securityfocus.com/bid/3632
http://www.securityfocus.com/bid/3631
http://www.securityfocus.com/bid/3630
http://www.securityfocus.com/bid/3629
http://www.securityfocus.com/bid/3628
http://www.securityfocus.com/bid/3627
http://www.securityfocus.com/bid/3625
http://www.securityfocus.com/bid/3624
http://www.securityfocus.com/bid/3622