This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote web server is affected by a buffer overflow vulnerability.
The remote host is using CA iTechnology iGateway service, a
software component used in various products from CA.
The version of the iGateway service installed on the remote host
reportedly fails to sanitize Content-Length HTTP header values before
using them to allocate heap memory. An attacker can supply a negative
value, which causes the software to allocate a small buffer, and then
overflow that with a long URI. Successful exploitation of this issue
can lead to a server crash or possibly the execution of arbitrary
code. Note that, under Windows, the server runs with local SYSTEM
See also :
Contact the vendor to upgrade to iGateway 4.0.051230 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false