10

CVE-2007-5561

Exploit

EPSS 3.65%
Veröffentlicht 18.10.2007 20:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175.  NOTE: this might be the same issue as CVE-2007-0282 or CVE-2007-0280, but there are insufficient details to be sure.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Enterprise Grid Console Server Version10.2.0.1

Oracle ≫ Opmn Daemon

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.65%	0.867

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://www.irmplc.com/index.php/111-Vendor-Alerts

http://www.irmplc.com/index.php/142-Advisory-021

Patch

Vendor Advisory

Exploit

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html

https://nvd.nist.gov/vuln/detail/CVE-2007-5561

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5561

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5561

EUVD