CVE-2007-4161
https://notcve.org/view.php?id=CVE-2007-4161
rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character. rvd en TIBCO Rendezvous (RV) 7.5.2, cuando se omite -no-lead-wc, podría permitir a atacantes remotos provocar una denegación de servicio (inestabilidad de red) a través de un nombre de asunto con un carácter comodín principal (1) '*' (asterisco) o (2) '>' (mayor que). • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html http://osvdb.org/37681 http://secunia.com/advisories/26337 http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf http://www.securitytracker.com/id?1018512 http://www.vupen.com/english/advisories/2007/2814 •
CVE-2007-4160
https://notcve.org/view.php?id=CVE-2007-4160
The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network. La configuración por defecto de los clientes TIBCO Rendezvous (RV) 7.5.2, cuando se omite el -no-multicast (multidifusión), utiliza un grupo de multicast como el destinatario de un mensaje de red, lo que puede facilitar a los atacantes remotos la captura de mensajes de contenido mediante un rastreador de red. • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html http://osvdb.org/46992 http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf http://www.securitytracker.com/id?1018512 http://www.vupen.com/english/advisories/2007/2814 •
CVE-2007-4162
https://notcve.org/view.php?id=CVE-2007-4162
TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic. TIBCO Rendezvous (RV) 7.5.2 no protege la confidencialidad ni integridad de la comunicación entre-demonios, lo cual permite a atacantes remotos capturar y suplantar tráfico. • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html http://osvdb.org/46991 http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf http://www.securitytracker.com/id?1018512 http://www.vupen.com/english/advisories/2007/2814 •