Family: Gain root remotely --> Category: infos
iTechnology iGateway Content-Length Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary
Checks for Content-Length buffer overflow vulnerability in iTechnology iGateway
Detailed Explanation for this Vulnerability Test
The remote web server is affected by a buffer overflow vulnerability.
The remote host is using Computer Associates iTechnology iGateway
service, a software component used in various products from Computer
The version of the iGateway service installed on the remote host
reportedly fails to sanitize Content-Length HTTP header values before
using them to allocate heap memory. An attacker can supply a negative
value, which causes the software to allocate a small buffer, and then
overflow that with a long URI. Successful exploitation of this issue
can lead to a server crash or possibly the execution of arbitrary
code. Note that, under Windows, the server runs with local SYSTEM
See also :
Contact the vendor to upgrade to iGateway 4.0.051230 or later.
Critical / CVSS Base Score : 10
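
The unsanitized Content-Length handling described above, shown as an added example (not iGateway's code and not part of the original scan description): a signed parse that lets a negative value shrink the allocation size, next to a checked parse that rejects such requests. HDR_OVERHEAD, MAX_BODY and both function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define HDR_OVERHEAD 1024          /* assumed fixed per-request overhead */
#define MAX_BODY (1024UL * 1024UL) /* assumed policy limit: 1 MiB */

/* Unsafe pattern (illustrative): signed parse, no range check. A negative
 * header value shrinks the computed size below what the request needs. */
long naive_alloc_size(const char *content_length)
{
    return atol(content_length) + HDR_OVERHEAD;
}

/* Hardened: digits only, overflow-checked, capped. Returns 0 and sets
 * *alloc on success, -1 if the request must be rejected (e.g. HTTP 400). */
int checked_alloc_size(const char *content_length, size_t *alloc)
{
    const char *p = content_length;
    char *end;
    unsigned long long n;

    while (*p == ' ' || *p == '\t') p++;          /* optional whitespace */
    if (!isdigit((unsigned char)*p)) return -1;   /* rejects "-1", "+5", "" */

    errno = 0;
    n = strtoull(p, &end, 10);
    if (errno == ERANGE) return -1;               /* value does not fit */
    while (*end == ' ' || *end == '\t') end++;
    if (*end != '\0') return -1;                  /* trailing junk: "10abc" */
    if (n > MAX_BODY) return -1;                  /* over the policy limit */

    *alloc = (size_t)n + HDR_OVERHEAD;
    return 0;
}

int main(void)
{
    size_t a = 0;
    /* Constructed sample header value, not taken from a real request. */
    printf("naive(-1000)   -> %ld bytes\n", naive_alloc_size("-1000"));
    printf("checked(-1000) -> %s\n",
           checked_alloc_size("-1000", &a) ? "rejected" : "accepted");
    return 0;
}
```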