NVD

Id
57572  
Name
CVE-2007-5507  
Description
The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22.  
Reject
 
CVSS Version
2  
CVSS Score
6.4  
Severity
Medium  
CVSS Base Score
6.4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:P)  
Pub Date
2017-01-07  
Published
2007-10-17  
Modified Date
2012-10-22  
Seq
2007-5507  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
294631 57572 CVE-2007-5507 SSRT061201  View
294632 57572 CVE-2007-5507 3250  View
294633 57572 CVE-2007-5507 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-tns-listener/  View
294634 57572 CVE-2007-5507 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html  View
294635 57572 CVE-2007-5507 20071017 Oracle TNS Listener DoS and/or remote memory inspection  View
294636 57572 CVE-2007-5507 26103  View
294637 57572 CVE-2007-5507 1018823  View
294638 57572 CVE-2007-5507 TA07-290A  View
294639 57572 CVE-2007-5507 ADV-2007-3524  View
294640 57572 CVE-2007-5507 ADV-2007-3626  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
52164 JVNDB-2007-000854 Oracle Database の GIOP サービスにおけるバッファを越えて読み込みを実行してしまう脆弱性 Oracle Database の Oracle Net Services コンポーネントには、TNS Listener の GIOP サービスにおいて、無効なデータサイズの GIOP パケットを処理した際に、バッファ領域を越えて読み込みが実行される脆弱性が存在します。(DB22) CVE-2007-5507 28862 CVE-2007-5507 57572 6.4 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000854.html 2007-10-16 2007-10-29 View