CVE-2007-5561
Oracle Enterprise Grid Console Server 10.2.0.1 - Remote Code Execution via Format String in HTTP URI
Title source: llmDescription
Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175. NOTE: this might be the same issue as CVE-2007-0282 or CVE-2007-0280, but there are insufficient details to be sure.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
http://www.irmplc.com/index.php/111-Vendor-Alerts
Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.irmplc.com/index.php/142-Advisory-021
Vendor Advisory x_refsource_misc
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Scores
EPSS
0.0772
EPSS Percentile
93.8%
Details
CWE
CWE-134
Status
published
Products (2)
oracle/enterprise_grid_console_server
10.2.0.1
oracle/opmn_daemon
Published
Oct 18, 2007
Tracked Since
Feb 18, 2026