Lucene search

MitreCVE-2007-5658

HistoryJan 16, 2008 - 3:00 a.m.

CVE-2007-5658

2008-01-1603:00:00

CWE-20

mitre

web.nvd.nist.gov

cve-2007-5658

tibco smartsockets

buffer overflow

remote code execution

security vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.043

Percentile

92.5%

JSON

Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.

Affected configurations

Nvd

Node

tibcoenterprise_message_serviceMatch4.0.0

tibcoenterprise_message_serviceMatch4.1.0

tibcoenterprise_message_serviceMatch4.2.0

tibcoenterprise_message_serviceMatch4.3.0

tibcoenterprise_message_serviceMatch4.4.0

tibcoenterprise_message_serviceMatch4.4.1

tibcortworksRange≤4.0.3

tibcosmartsockets_rtserverRange≤6.8.0

VendorProductVersionCPE
tibcoenterprise_message_service4.0.0cpe:2.3:a:tibco:enterprise_message_service:4.0.0:*:*:*:*:*:*:*
tibcoenterprise_message_service4.1.0cpe:2.3:a:tibco:enterprise_message_service:4.1.0:*:*:*:*:*:*:*
tibcoenterprise_message_service4.2.0cpe:2.3:a:tibco:enterprise_message_service:4.2.0:*:*:*:*:*:*:*
tibcoenterprise_message_service4.3.0cpe:2.3:a:tibco:enterprise_message_service:4.3.0:*:*:*:*:*:*:*
tibcoenterprise_message_service4.4.0cpe:2.3:a:tibco:enterprise_message_service:4.4.0:*:*:*:*:*:*:*
tibcoenterprise_message_service4.4.1cpe:2.3:a:tibco:enterprise_message_service:4.4.1:*:*:*:*:*:*:*
tibcortworks*cpe:2.3:a:tibco:rtworks:*:*:*:*:*:*:*:*
tibcosmartsockets_rtserver*cpe:2.3:a:tibco:smartsockets_rtserver:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tibco	enterprise_message_service	4.0.0	cpe:2.3:a:tibco:enterprise_message_service:4.0.0:::::::*
tibco	enterprise_message_service	4.1.0	cpe:2.3:a:tibco:enterprise_message_service:4.1.0:::::::*
tibco	enterprise_message_service	4.2.0	cpe:2.3:a:tibco:enterprise_message_service:4.2.0:::::::*
tibco	enterprise_message_service	4.3.0	cpe:2.3:a:tibco:enterprise_message_service:4.3.0:::::::*
tibco	enterprise_message_service	4.4.0	cpe:2.3:a:tibco:enterprise_message_service:4.4.0:::::::*
tibco	enterprise_message_service	4.4.1	cpe:2.3:a:tibco:enterprise_message_service:4.4.1:::::::*
tibco	rtworks	*	cpe:2.3:a:tibco:rtworks::::::::
tibco	smartsockets_rtserver	*	cpe:2.3:a:tibco:smartsockets_rtserver::::::::

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=638

secunia.com/advisories/28490

securitytracker.com/id?1019193

www.securityfocus.com/bid/27294

www.tibco.com/mk/advisory.jsp

www.tibco.com/resources/mk/ems_security_advisory_20080115.txt

www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt

www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt

www.vupen.com/english/advisories/2008/0173

exchange.xforce.ibmcloud.com/vulnerabilities/39703

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.043

Percentile

92.5%

JSON

Related for CVE-2007-5658