{"api_version":"1","generated_at":"2026-04-23T09:50:55+00:00","cve":"CVE-2007-5658","urls":{"html":"https://cve.report/CVE-2007-5658","api":"https://cve.report/api/cve/CVE-2007-5658.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-5658","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-5658"},"summary":{"title":"CVE-2007-5658","description":"Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-01-16 03:00:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-20","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.tibco.com/mk/advisory.jsp","name":"http://www.tibco.com/mk/advisory.jsp","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advisory | TIBCO Software","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt","name":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"404 Not Found","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt","name":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"404 Not Found","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/0173","name":"http://www.vupen.com/english/advisories/2008/0173","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39703","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39703","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28490","name":"http://secunia.com/advisories/28490","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"TIBCO SmartSockets Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638","name":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/27294","name":"http://www.securityfocus.com/bid/27294","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"TIBCO SmartSockets Request Heap Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://securitytracker.com/id?1019193","name":"http://securitytracker.com/id?1019193","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"TIBCO SmartSockets Untrusted Pointer and Pointer Offset Values and Buffer Overflows Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt","name":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"404 Not Found","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-5658","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5658","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"5658","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"enterprise_message_service","cpe6":"4.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5658","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"enterprise_message_service","cpe6":"4.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5658","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"enterprise_message_service","cpe6":"4.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5658","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"enterprise_message_service","cpe6":"4.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5658","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"enterprise_message_service","cpe6":"4.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5658","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"enterprise_message_service","cpe6":"4.4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5658","vulnerable":"1","versionEndIncluding":"4.0.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"rtworks","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5658","vulnerable":"1","versionEndIncluding":"6.8.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"smartsockets_rtserver","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T15:39:13.566Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"27294","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/27294"},{"name":"tibco-rtserver-bo(39703)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39703"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"},{"name":"20080115 TIBCO SmartSockets RTserver Heap Overflow Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE","x_transferred"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638"},{"name":"28490","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28490"},{"name":"1019193","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1019193"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.tibco.com/mk/advisory.jsp"},{"name":"ADV-2008-0173","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0173"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-01-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"27294","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/27294"},{"name":"tibco-rtserver-bo(39703)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39703"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"},{"name":"20080115 TIBCO SmartSockets RTserver Heap Overflow Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638"},{"name":"28490","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28490"},{"name":"1019193","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1019193"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.tibco.com/mk/advisory.jsp"},{"name":"ADV-2008-0173","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0173"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-5658","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"27294","refsource":"BID","url":"http://www.securityfocus.com/bid/27294"},{"name":"tibco-rtserver-bo(39703)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39703"},{"name":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt","refsource":"CONFIRM","url":"http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"},{"name":"20080115 TIBCO SmartSockets RTserver Heap Overflow Vulnerability","refsource":"IDEFENSE","url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638"},{"name":"28490","refsource":"SECUNIA","url":"http://secunia.com/advisories/28490"},{"name":"1019193","refsource":"SECTRACK","url":"http://securitytracker.com/id?1019193"},{"name":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt","refsource":"CONFIRM","url":"http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"},{"name":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt","refsource":"CONFIRM","url":"http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"},{"name":"http://www.tibco.com/mk/advisory.jsp","refsource":"CONFIRM","url":"http://www.tibco.com/mk/advisory.jsp"},{"name":"ADV-2008-0173","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0173"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-5658","datePublished":"2008-01-16T02:00:00.000Z","dateReserved":"2007-10-23T00:00:00.000Z","dateUpdated":"2024-08-07T15:39:13.566Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-01-16 03:00:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-20","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:enterprise_message_service:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8A391F64-B618-4961-942C-109CE548FBB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:enterprise_message_service:4.1.0:*:*:*:*:*:*:*","matchCriteriaId":"3811EEE8-ED90-4272-BDC9-9FBB7E2ABC50"},{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:enterprise_message_service:4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"72D4BFCE-FD9B-45D8-B23A-B928B86ED2B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:enterprise_message_service:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A8B14826-B53E-46DC-8AE9-85776867D341"},{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:enterprise_message_service:4.4.0:*:*:*:*:*:*:*","matchCriteriaId":"A42A8728-2B49-4F1F-930C-AB2B808BDDA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:enterprise_message_service:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"50598050-FAC6-42B6-98E5-D02DF85F1A07"},{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:rtworks:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.3","matchCriteriaId":"1A4F1058-6D26-4FA9-ACC0-8E2CB9E47EE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:tibco:smartsockets_rtserver:*:*:*:*:*:*:*:*","versionEndIncluding":"6.8.0","matchCriteriaId":"8A607554-6A94-47FC-919C-8BC77E72E527"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"5658","Ordinal":"1","Title":"CVE-2007-5658","CVE":"CVE-2007-5658","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"5658","Ordinal":"1","NoteData":"Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.","Type":"Description","Title":"CVE-2007-5658"},{"CveYear":"2007","CveId":"5658","Ordinal":"2","NoteData":"2008-01-15","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"5658","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}