Lucene search

[email protected]CVE-2007-2489

HistoryMay 03, 2007 - 11:19 p.m.

CVE-2007-2489

2007-05-0323:19:00

[email protected]

web.nvd.nist.gov

cve-2007-2489

buffer overflow

livedata protocol server

denial of service

arbitrary code execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.148 Low

EPSS

Percentile

95.8%

JSON

Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call.

Affected configurations

NVD

Node

livedataprotocol_serverRange≤5.00.045

CPENameOperatorVersion
livedata:protocol_serverlivedata protocol serverle5.00.045

CPE	Name	Operator	Version
livedata:protocol_server	livedata protocol server	le	5.00.045

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=523

osvdb.org/35529

secunia.com/advisories/25076

www.kb.cert.org/vuls/id/213516

www.securityfocus.com/bid/23773

www.securitytracker.com/id?1017998

www.vupen.com/english/advisories/2007/1633

exchange.xforce.ibmcloud.com/vulnerabilities/34031

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.148 Low

EPSS

Percentile

95.8%

JSON

Related for CVE-2007-2489

cvelist1 prion1 nvd1 cert1 nessus1 securityvulns1