PT-2008-1507 · Tibco · Tibco Enterprise Message Service+2
Published
2008-01-16
·
Updated
2017-07-29
·
CVE-2007-5658
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
TIBCO SmartSockets RTserver versions 6.8.0 and earlier
TIBCO RTworks versions prior to 4.0.4
TIBCO Enterprise Message Service (EMS) versions 4.0.0 through 4.4.1
Description
The issue allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger a heap-based buffer overflow.
Recommendations
For TIBCO SmartSockets RTserver versions 6.8.0 and earlier, update to a version later than 6.8.0.
For TIBCO RTworks versions prior to 4.0.4, update to version 4.0.4 or later.
For TIBCO Enterprise Message Service (EMS) versions 4.0.0 through 4.4.1, update to a version later than 4.4.1.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tibco Enterprise Message Service
Tibco Rtworks
Tibco Smartsockets Rtserver