CVE-2015-4555

Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.tibco.com/mk/advisory.jsp	Vendor Advisory
http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt	Vendor Advisory
http://www.securitytracker.com/id/1033677	Third Party Advisory VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tibco:rendezvous_network_server::::::::
	cpe:2.3:a:tibco:messaging_appliance::::::::
	cpe:2.3:a:tibco:rendezvous::::::::
	cpe:2.3:a:tibco:substation_es::::::::

Information

Published : 2015-08-30 07:59

Updated : 2016-12-08 10:52

NVD link : CVE-2015-4555

Mitre link : CVE-2015-4555

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

tibco

rendezvous
substation_es
rendezvous_network_server
messaging_appliance

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.tibco.com/mk/advisory.jsp", "name": "http://www.tibco.com/mk/advisory.jsp", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt", "name": "http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id/1033677", "name": "1033677", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-4555", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-08-30T14:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:tibco:rendezvous_network_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.1.0"}, {"cpe23Uri": "cpe:2.3:a:tibco:messaging_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.7.1"}, {"cpe23Uri": "cpe:2.3:a:tibco:rendezvous:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.4.3"}, {"cpe23Uri": "cpe:2.3:a:tibco:substation_es:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.8.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-12-08T18:52Z"}