{"api_version":"1","generated_at":"2026-04-23T09:51:20+00:00","cve":"CVE-2007-5657","urls":{"html":"https://cve.report/CVE-2007-5657","api":"https://cve.report/api/cve/CVE-2007-5657.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-5657","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-5657"},"summary":{"title":"CVE-2007-5657","description":"TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-01-16 03:00:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-20","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640","name":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.tibco.com/mk/advisory.jsp","name":"http://www.tibco.com/mk/advisory.jsp","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advisory | TIBCO Software","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt","name":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"404 Not Found","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt","name":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"404 Not Found","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/27295","name":"http://www.securityfocus.com/bid/27295","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"TIBCO SmartSockets Multiple Pointer Offset Remote Code Execution Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2008/0173","name":"http://www.vupen.com/english/advisories/2008/0173","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39707","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39707","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28490","name":"http://secunia.com/advisories/28490","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"TIBCO SmartSockets Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1019193","name":"http://securitytracker.com/id?1019193","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"TIBCO SmartSockets Untrusted Pointer and Pointer Offset Values and Buffer Overflows Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt","name":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"404 Not Found","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-5657","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5657","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"5657","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"tibco","cpe5":"ems_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5657","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"enterprise_message_service","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5657","vulnerable":"1","versionEndIncluding":"4.0.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"rtworks","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5657","vulnerable":"1","versionEndIncluding":"6.8.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"smartsockets_rtserver","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T15:39:13.578Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"},{"name":"28490","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28490"},{"name":"1019193","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1019193"},{"name":"20080115 TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities","tags":["third-party-advisory","x_refsource_IDEFENSE","x_transferred"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640"},{"name":"tibco-rtserver-offset-code-execution(39707)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39707"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.tibco.com/mk/advisory.jsp"},{"name":"27295","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/27295"},{"name":"ADV-2008-0173","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0173"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-01-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"},{"name":"28490","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28490"},{"name":"1019193","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1019193"},{"name":"20080115 TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities","tags":["third-party-advisory","x_refsource_IDEFENSE"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640"},{"name":"tibco-rtserver-offset-code-execution(39707)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39707"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.tibco.com/mk/advisory.jsp"},{"name":"27295","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/27295"},{"name":"ADV-2008-0173","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0173"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-5657","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt","refsource":"CONFIRM","url":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"},{"name":"28490","refsource":"SECUNIA","url":"http://secunia.com/advisories/28490"},{"name":"1019193","refsource":"SECTRACK","url":"http://securitytracker.com/id?1019193"},{"name":"20080115 TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities","refsource":"IDEFENSE","url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640"},{"name":"tibco-rtserver-offset-code-execution(39707)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39707"},{"name":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt","refsource":"CONFIRM","url":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"},{"name":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt","refsource":"CONFIRM","url":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"},{"name":"http://www.tibco.com/mk/advisory.jsp","refsource":"CONFIRM","url":"http://www.tibco.com/mk/advisory.jsp"},{"name":"27295","refsource":"BID","url":"http://www.securityfocus.com/bid/27295"},{"name":"ADV-2008-0173","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0173"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-5657","datePublished":"2008-01-16T02:00:00.000Z","dateReserved":"2007-10-23T00:00:00.000Z","dateUpdated":"2024-08-07T15:39:13.578Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-01-16 03:00:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-20","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:rtworks:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.3","matchCriteriaId":"1A4F1058-6D26-4FA9-ACC0-8E2CB9E47EE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:smartsockets_rtserver:*:*:*:*:*:*:*:*","versionEndIncluding":"6.8.0","matchCriteriaId":"8A607554-6A94-47FC-919C-8BC77E72E527"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tibco:ems_server:*:*:*:*:*:*:*:*","matchCriteriaId":"A71A6DEC-C0A5-456D-BB28-EC5CA61BE796"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:*","matchCriteriaId":"C559EFC8-9BA6-41F7-AB44-3C10AEC52F56"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"5657","Ordinal":"1","Title":"CVE-2007-5657","CVE":"CVE-2007-5657","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"5657","Ordinal":"1","NoteData":"TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.","Type":"Description","Title":"CVE-2007-5657"},{"CveYear":"2007","CveId":"5657","Ordinal":"2","NoteData":"2008-01-15","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"5657","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}