Intrusion Prevention

CA.iGateway.HTTP.Request.Remote.Buffer.Overflow

Description

This indicates a possible attempt to exploit a buffer overflow vulnerability in Computer Associates BrightStor products and iGateway.
The iGateway component fails to properly handle specially crafted HTTP GET requests. By sending specially crafted HTTP GET requests to port 5250 when the debug mode is enabled (which is not the system default), a remote or local attacker could overflow a buffer and execute arbitrary code on the target system.

Affected Products

Computer Associates BrightStor ARCserve Backup versions 9.x and 11.x
BrightStor Enterprise Backup versions 10.x
BrightStor Portal versions 11.x
BrightStor ARCserve 2000
iGateway versions 3.0 and 4.0

Impact

System compromise: remote code execution.

Recommended Actions

An update of Computer Associates advisory CAID 33485 is available with fixes for this issue.

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=33485

ID	11257
Created	Oct 21, 2005
Updated	Feb 24, 2022
Risk
CVE ID	CVE-2005-3190
Exploit Prediction Score	61.69%
Default Action	drop
Active
Affected OS	Windows
Affected App	CA

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Intrusion Prevention

CA.iGateway.HTTP.Request.Remote.Buffer.Overflow

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Intrusion Prevention

CA.iGateway.HTTP.Request.Remote.Buffer.Overflow

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

References

Threat Intelligence
Center