CA iTechnology iGateway Service Content-Length Buffer Overflow

Critical Nessus Plugin ID 20805


The remote web server is affected by a buffer overflow vulnerability.


The remote host is using CA iTechnology iGateway service, a software component used in various products from CA.

The version of the iGateway service installed on the remote host reportedly fails to sanitize Content-Length HTTP header values before using them to allocate heap memory. An attacker can supply a negative value, which causes the software to allocate a small buffer, and then overflow that with a long URI. Successful exploitation of this issue can lead to a server crash or possibly the execution of arbitrary code. Note that, under Windows, the server runs with local SYSTEM privileges.
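The allocation pattern the description outlines (a signed Content-Length used straight away to size a heap buffer that also holds a fixed prefix) beside a validating parser, as an added example that is not iGateway's code: the function names, the 1024-byte prefix and the MAX_BODY_LEN cap are assumptions, and the vulnerable routine only returns the size it would allocate.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed upper bound on a request body this server is willing to buffer. */
#define MAX_BODY_LEN (1024u * 1024u)

/* Illustrative vulnerable pattern (not the vendor's code): the header is
 * parsed with atoi() into a signed int and added to a fixed prefix length
 * without any check.  "-1000" yields a 24-byte buffer; a longer request
 * then writes past it.  A more negative value instead wraps to a huge
 * size_t and makes the allocation fail. */
size_t unchecked_alloc_size(const char *content_length)
{
    int len = atoi(content_length);      /* "-1000" -> -1000 */
    return (size_t)(len + 1024);         /* -1000 + 1024 = 24 bytes */
}

/* Hardened parser: Content-Length is 1*DIGIT only, so reject signs,
 * whitespace and hex outright, then bound the value.  Returns 0 and sets
 * *out on success, -1 on any rejected value. */
int parse_content_length(const char *s, size_t *out)
{
    if (s == NULL || *s == '\0')
        return -1;
    for (const char *p = s; *p != '\0'; p++)
        if (!isdigit((unsigned char)*p))
            return -1;
    errno = 0;
    char *end = NULL;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > MAX_BODY_LEN)
        return -1;
    *out = (size_t)v;
    return 0;
}

/* Size the request buffer only from a validated length.  Returns the
 * number of bytes to allocate, or 0 if the header is rejected or
 * prefix + body would overflow size_t (so the caller never allocates). */
size_t validated_alloc_size(const char *content_length, size_t prefix_len)
{
    size_t body = 0;
    if (parse_content_length(content_length, &body) != 0)
        return 0;
    if (body > SIZE_MAX - prefix_len)
        return 0;
    return prefix_len + body;
}
```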


Contact the vendor to upgrade to iGateway 4.0.051230 or later.

Plugin Details

Severity: Critical

ID: 20805

File Name: igateway_content_length_overflow.nasl

Version: $Revision: 1.17 $

Type: remote

Agent: windows

Family: Windows

Published: 2006/01/24

Modified: 2013/06/03

Dependencies: 10107

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2006/01/23

Vulnerability Publication Date: 2006/01/23

Reference Information

CVE: CVE-2005-3653

BID: 16354

OSVDB: 22688

IAVA: 2006-A-0008