Vulnerability Name: CVE-2007-5561 (CCN-37454)
Assigned: 2007-01-16
Published: 2007-01-16
Updated: 2008-09-05
Summary: Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175. Note: this might be the same issue as CVE-2007-0282 or CVE-2007-0280, but there are insufficient details to be sure.
CVSS v3 Severity:
    7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
    10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-134
Vulnerability Consequences: Gain Access
References:
    Source: MITRE; Type: CNA; CVE-2007-5561
    Source: MISC; Type: UNKNOWN; http://www.irmplc.com/index.php/111-Vendor-Alerts
    Source: CCN; Type: IRM Advisory 021; Remote Format String Vulnerability within the Oracle OPMN Daemon
    Source: MISC; Type: Exploit, Patch, Vendor Advisory; http://www.irmplc.com/index.php/142-Advisory-021
    Source: CCN; Type: Oracle Critical Patch Update - January 2007; Oracle Critical Patch Update Advisory - January 2007
    Source: MISC; Type: UNKNOWN; http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
    Source: XF; Type: UNKNOWN; oracle-opmn-format-string(37454)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable