{"api_version":"1","generated_at":"2026-04-23T13:25:01+00:00","cve":"CVE-2007-5655","urls":{"html":"https://cve.report/CVE-2007-5655","api":"https://cve.report/api/cve/CVE-2007-5655.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-5655","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-5655"},"summary":{"title":"CVE-2007-5655","description":"TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-01-16 03:00:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-119","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.tibco.com/mk/advisory.jsp","name":"http://www.tibco.com/mk/advisory.jsp","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advisory | TIBCO Software","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt","name":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"404 Not Found","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639","name":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt","name":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"404 Not Found","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/0173","name":"http://www.vupen.com/english/advisories/2008/0173","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28490","name":"http://secunia.com/advisories/28490","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"TIBCO SmartSockets Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39705","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39705","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/27292","name":"http://www.securityfocus.com/bid/27292","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"TIBCO SmartSockets Untrusted Pointer Multiple Remote Code Execution Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://securitytracker.com/id?1019193","name":"http://securitytracker.com/id?1019193","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"TIBCO SmartSockets Untrusted Pointer and Pointer Offset Values and Buffer Overflows Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt","name":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"404 Not Found","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-5655","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5655","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"5655","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"tibco","cpe5":"ems_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5655","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"enterprise_message_service","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5655","vulnerable":"1","versionEndIncluding":"4.0.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"rtworks","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5655","vulnerable":"1","versionEndIncluding":"6.8.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"smartsockets_rtserver","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T15:39:13.605Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"},{"name":"20080115 TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities","tags":["third-party-advisory","x_refsource_IDEFENSE","x_transferred"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639"},{"name":"28490","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28490"},{"name":"27292","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/27292"},{"name":"1019193","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1019193"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"},{"name":"tibco-rtserver-pointer-code-execution(39705)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39705"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.tibco.com/mk/advisory.jsp"},{"name":"ADV-2008-0173","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0173"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-01-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"},{"name":"20080115 TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities","tags":["third-party-advisory","x_refsource_IDEFENSE"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639"},{"name":"28490","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28490"},{"name":"27292","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/27292"},{"name":"1019193","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1019193"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"},{"name":"tibco-rtserver-pointer-code-execution(39705)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39705"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.tibco.com/mk/advisory.jsp"},{"name":"ADV-2008-0173","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0173"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-5655","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt","refsource":"CONFIRM","url":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"},{"name":"20080115 TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities","refsource":"IDEFENSE","url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639"},{"name":"28490","refsource":"SECUNIA","url":"http://secunia.com/advisories/28490"},{"name":"27292","refsource":"BID","url":"http://www.securityfocus.com/bid/27292"},{"name":"1019193","refsource":"SECTRACK","url":"http://securitytracker.com/id?1019193"},{"name":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt","refsource":"CONFIRM","url":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"},{"name":"tibco-rtserver-pointer-code-execution(39705)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39705"},{"name":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt","refsource":"CONFIRM","url":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"},{"name":"http://www.tibco.com/mk/advisory.jsp","refsource":"CONFIRM","url":"http://www.tibco.com/mk/advisory.jsp"},{"name":"ADV-2008-0173","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0173"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-5655","datePublished":"2008-01-16T02:00:00.000Z","dateReserved":"2007-10-23T00:00:00.000Z","dateUpdated":"2024-08-07T15:39:13.605Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-01-16 03:00:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-119","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:rtworks:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.3","matchCriteriaId":"1A4F1058-6D26-4FA9-ACC0-8E2CB9E47EE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:smartsockets_rtserver:*:*:*:*:*:*:*:*","versionEndIncluding":"6.8.0","matchCriteriaId":"8A607554-6A94-47FC-919C-8BC77E72E527"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tibco:ems_server:*:*:*:*:*:*:*:*","matchCriteriaId":"A71A6DEC-C0A5-456D-BB28-EC5CA61BE796"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:*","matchCriteriaId":"C559EFC8-9BA6-41F7-AB44-3C10AEC52F56"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"5655","Ordinal":"1","Title":"CVE-2007-5655","CVE":"CVE-2007-5655","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"5655","Ordinal":"1","NoteData":"TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.","Type":"Description","Title":"CVE-2007-5655"},{"CveYear":"2007","CveId":"5655","Ordinal":"2","NoteData":"2008-01-15","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"5655","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}