CVE-2007-5656
TIBCO Enterprise Message Service 4.0.0-4.4.1 - Denial of Service and Possible Remote Code Execution via Crafted Requests
Title source: llmDescription
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory.
References (10)
Core 10
Core References
Various Sources x_refsource_confirm
http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt
Various Sources x_refsource_confirm
http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28490
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1019193
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641
Various Sources x_refsource_confirm
http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39708
Various Sources x_refsource_confirm
http://www.tibco.com/mk/advisory.jsp
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27293
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0173
Scores
EPSS
0.1255
EPSS Percentile
94.0%
Details
CWE
CWE-399
Status
published
Products (8)
tibco/enterprise_message_service
4.0.0
tibco/enterprise_message_service
4.1.0
tibco/enterprise_message_service
4.2.0
tibco/enterprise_message_service
4.3.0
tibco/enterprise_message_service
4.4.0
tibco/enterprise_message_service
4.4.1
tibco/rtworks
< 4.0.3
tibco/smartsockets_rtserver
< 6.8.0
Published
Jan 16, 2008
Tracked Since
Feb 18, 2026