CVE-2007-5655 - OpenCVE

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tibco	Ems Server Enterprise Message Service Rtworks Smartsockets Rtserver

Configuration 1 [-]

OR	cpe:2.3:a:tibco:rtworks::::::::
	cpe:2.3:a:tibco:smartsockets_rtserver::::::::

Configuration 2 [-]

AND

cpe:2.3:h:tibco:ems_server:*:*:*:*:*:*:*:*

cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639
http://secunia.com/advisories/28490
http://securitytracker.com/id?1019193
http://www.securityfocus.com/bid/27292
http://www.tibco.com/mk/advisory.jsp
http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt
http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt
http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt
http://www.vupen.com/english/advisories/2008/0173
https://exchange.xforce.ibmcloud.com/vulnerabilities/39705

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-16T02:00:00

Updated: 2024-08-07T15:39:13.605Z

Reserved: 2007-10-23T00:00:00

Link: CVE-2007-5655

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-01-16T03:00:00.000

Modified: 2017-07-29T01:33:47.630

Link: CVE-2007-5655

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-15T00:00:00", "descriptions": [{"lang": "en", "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"}, {"name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639"}, {"name": "28490", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28490"}, {"name": "27292", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27292"}, {"name": "1019193", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1019193"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"}, {"name": "tibco-rtserver-pointer-code-execution(39705)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39705"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.tibco.com/mk/advisory.jsp"}, {"name": "ADV-2008-0173", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0173"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5655", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt", "refsource": "CONFIRM", "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"}, {"name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639"}, {"name": "28490", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28490"}, {"name": "27292", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27292"}, {"name": "1019193", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019193"}, {"name": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt", "refsource": "CONFIRM", "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"}, {"name": "tibco-rtserver-pointer-code-execution(39705)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39705"}, {"name": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt", "refsource": "CONFIRM", "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"}, {"name": "http://www.tibco.com/mk/advisory.jsp", "refsource": "CONFIRM", "url": "http://www.tibco.com/mk/advisory.jsp"}, {"name": "ADV-2008-0173", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0173"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:39:13.605Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"}, {"name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639"}, {"name": "28490", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28490"}, {"name": "27292", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27292"}, {"name": "1019193", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1019193"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"}, {"name": "tibco-rtserver-pointer-code-execution(39705)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39705"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.tibco.com/mk/advisory.jsp"}, {"name": "ADV-2008-0173", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0173"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5655", "datePublished": "2008-01-16T02:00:00", "dateReserved": "2007-10-23T00:00:00", "dateUpdated": "2024-08-07T15:39:13.605Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:rtworks:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A4F1058-6D26-4FA9-ACC0-8E2CB9E47EE8", "versionEndIncluding": "4.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:smartsockets_rtserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A607554-6A94-47FC-919C-8BC77E72E527", "versionEndIncluding": "6.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:tibco:ems_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A71A6DEC-C0A5-456D-BB28-EC5CA61BE796", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "C559EFC8-9BA6-41F7-AB44-3C10AEC52F56", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers."}, {"lang": "es", "value": "TIBCO SmartSockets RTserver 6.8.0 y anteriores, RTworks anterior a 4.0.4, y Enterprise Message Service (EMS) 4.0.0 hasta la 4.4.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de respuestas manipuladas que contienen valores que son utilizados como punteros."}], "id": "CVE-2007-5655", "lastModified": "2017-07-29T01:33:47.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-01-16T03:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28490"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1019193"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27292"}, {"source": "cve@mitre.org", "url": "http://www.tibco.com/mk/advisory.jsp"}, {"source": "cve@mitre.org", "url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"}, {"source": "cve@mitre.org", "url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"}, {"source": "cve@mitre.org", "url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0173"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39705"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}