VID |
23169 |
Severity |
40 |
Port |
7580,7585 |
Protocol |
TCP |
Class |
Daemon |
Detailed Description |
According to its banner, the Rendezvous HTTP server has a buffer overflow flaw that exists in versions prior to 7.5.1. TIBCO Rendezvous is a commercial messaging software product used for building distributed applications. TIBCO Rendezvous versions prior to 7.5.1 are vulnerable to a buffer overflow in the HTTP administrative interface. By sending a specially crafted HTTP request to the administrative interface, a remote attacker could exploit this vulnerability to execute arbitrary code on the affected host or cause the affected daemon to crash.
* Note: This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so this might be a false positive.
* References:
  http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt
  http://www.tibco.com/software/messaging/rendezvous.jsp
  http://www.kb.cert.org/vuls/id/999884
  http://www.frsirt.com/english/advisories/2006/2155
* Platforms Affected: TIBCO Software Inc., TIBCO Rendezvous versions prior to 7.5.1; Microsoft Windows, any version |
Recommendation |
Upgrade to the latest version of Rendezvous (7.5.1 or later) or follow the vendor's instructions, as listed in the TIBCO Software Inc. Security Advisory at http://www.tibco.com/resources/mk/rendezvous_security_advisory.txt |
Related URL |
CVE-2006-2830 (CVE) |
Related URL |
18301 (SecurityFocus) |
Related URL |
26939 (ISS) |
|