Computer Associates has an announcement concerning an "iGateway debug mode HTTP GET request buffer overflow vulnerability" that says "Remote attackers can execute arbitrary code." Exploit code is publicly available. Their is no patch available at this moment, the recommended workaround is "do not run iGateway in debug mode." Computer Associates announcement references CA iGateway 3.0, and CA iGateway 4.0.