Details of VAR-201508-0342

ID

VAR-201508-0342

CVE

CVE-2015-4555

TITLE

plural TIBCO Product HTTP Management Interface Buffer Overflow Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-004504

DESCRIPTION

Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components. TIBCO Rendezvous and others are products of TIBCO Software Corporation of the United States. TIBCO Rendezvous is a middleware product that helps users quickly build and deploy large-scale distributed applications; Substation ES is a substation product that integrates communications software and provides real-time information exchange; Messaging Appliance is a set that reduces transmission delays and improves A messaging software that predicts capabilities and improves message throughput. A buffer overflow vulnerability exists in the HTTP management interface for several TIBCO products. A remote attacker could exploit the vulnerability to cause a denial of service or to execute arbitrary code. Multiple TIBCO products are prone to multiple buffer-overflow vulnerabilities. Failed exploit attempts will result in a denial-of-service condition. The following products are vulnerable: TIBCO Rendezvous 8.4.3 and prior TIBCO Rendezvous Network Server 1.1.0 and prior TIBCO Substation ES 2.8.1 and prior TIBCO Messaging Appliance 8.7.1 and prior

Trust: 2.61

sources: NVD: CVE-2015-4555 // JVNDB: JVNDB-2015-004504 // CNVD: CNVD-2015-05790 // BID: 76492 // IVD: 185e6a3d-806b-4280-97a9-ddba5d0cd26f

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 185e6a3d-806b-4280-97a9-ddba5d0cd26f // CNVD: CNVD-2015-05790

AFFECTED PRODUCTS

vendor:	tibco	model:	rendezvous	scope:	lt	version:	8.4.4	Trust: 1.4
vendor:	tibco	model:	substation es	scope:	lt	version:	2.9.0	Trust: 1.4
vendor:	tibco	model:	substation es	scope:	lte	version:	2.8.1	Trust: 1.0
vendor:	tibco	model:	messaging appliance	scope:	lte	version:	8.7.1	Trust: 1.0
vendor:	tibco	model:	rendezvous	scope:	lte	version:	8.4.3	Trust: 1.0
vendor:	tibco	model:	rendezvous network server	scope:	lte	version:	1.1.0	Trust: 1.0
vendor:	tibco	model:	substation es	scope:	eq	version:	2.8.1	Trust: 0.9
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.4.3	Trust: 0.9
vendor:	tibco	model:	messaging appliance	scope:	eq	version:	8.7.1	Trust: 0.9
vendor:	tibco	model:	messaging appliance software	scope:	lt	version:	8.7.2	Trust: 0.8
vendor:	tibco	model:	rendezvous network server	scope:	lt	version:	1.1.1	Trust: 0.8
vendor:	tibco	model:	messaging appliance	scope:	lt	version:	8.7.2	Trust: 0.6
vendor:	tibco	model:	rendezvous network server	scope:	eq	version:	1.1.0	Trust: 0.6
vendor:	tibco	model:	substation es	scope:	eq	version:	2.8	Trust: 0.3
vendor:	tibco	model:	rendezvous network server	scope:	eq	version:	1.1	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.4.2	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.3	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.2.9	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.2.8	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.2.7	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.2.6	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.2.5	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.2.4	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.2.3	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.2.2	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.2.1	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	7.5.4	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	7.5.3	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	7.5.2	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	7.5.1	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	7.4.11	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	5.6.3	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.3.1	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	eq	version:	8.0	Trust: 0.3
vendor:	tibco	model:	messaging appliance	scope:	eq	version:	8.7	Trust: 0.3
vendor:	tibco	model:	substation es	scope:	ne	version:	2.9	Trust: 0.3
vendor:	tibco	model:	rendezvous network server	scope:	ne	version:	1.1.1	Trust: 0.3
vendor:	tibco	model:	rendezvous	scope:	ne	version:	8.4.4	Trust: 0.3
vendor:	tibco	model:	messaging appliance	scope:	ne	version:	8.7.2	Trust: 0.3
vendor:	messaging appliance	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	rendezvous	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	rendezvous network server	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	substation es	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 185e6a3d-806b-4280-97a9-ddba5d0cd26f // CNVD: CNVD-2015-05790 // BID: 76492 // JVNDB: JVNDB-2015-004504 // CNNVD: CNNVD-201508-569 // NVD: CVE-2015-4555

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4555
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-4555
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-05790
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201508-569
value:	HIGH
Trust: 0.6
IVD:	185e6a3d-806b-4280-97a9-ddba5d0cd26f
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2015-4555
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-05790
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	185e6a3d-806b-4280-97a9-ddba5d0cd26f
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 185e6a3d-806b-4280-97a9-ddba5d0cd26f // CNVD: CNVD-2015-05790 // JVNDB: JVNDB-2015-004504 // CNNVD: CNNVD-201508-569 // NVD: CVE-2015-4555

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-4555

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-569

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 185e6a3d-806b-4280-97a9-ddba5d0cd26f // CNNVD: CNNVD-201508-569

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004504

PATCH

title:	TIBCO Rendezvous vulnerability	url:	http://www.tibco.com/services/support/advisories	Trust: 0.8
title:	Security Advisories for TIBCO Products (August 25, 2015)	url:	http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt	Trust: 0.8
title:	Patches for multiple TIBCO product buffer overflow vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/63516	Trust: 0.6

sources: CNVD: CNVD-2015-05790 // JVNDB: JVNDB-2015-004504

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4555	Trust: 3.5
db:	SECTRACK	id:	1033677	Trust: 1.0
db:	CNVD	id:	CNVD-2015-05790	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-569	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004504	Trust: 0.8
db:	BID	id:	76492	Trust: 0.3
db:	IVD	id:	185E6A3D-806B-4280-97A9-DDBA5D0CD26F	Trust: 0.2

sources: IVD: 185e6a3d-806b-4280-97a9-ddba5d0cd26f // CNVD: CNVD-2015-05790 // BID: 76492 // JVNDB: JVNDB-2015-004504 // CNNVD: CNNVD-201508-569 // NVD: CVE-2015-4555

REFERENCES

url:	http://www.tibco.com/mk/advisory.jsp	Trust: 2.2
url:	http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt	Trust: 1.9
url:	http://www.securitytracker.com/id/1033677	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4555	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4555	Trust: 0.8
url:	http://www.tibco.com/index.html	Trust: 0.3

sources: CNVD: CNVD-2015-05790 // BID: 76492 // JVNDB: JVNDB-2015-004504 // CNNVD: CNNVD-201508-569 // NVD: CVE-2015-4555

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 76492

SOURCES

db:	IVD	id:	185e6a3d-806b-4280-97a9-ddba5d0cd26f
db:	CNVD	id:	CNVD-2015-05790
db:	BID	id:	76492
db:	JVNDB	id:	JVNDB-2015-004504
db:	CNNVD	id:	CNNVD-201508-569
db:	NVD	id:	CVE-2015-4555

LAST UPDATE DATE

2025-04-13T23:32:44.472000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05790	date:	2015-09-06T00:00:00
db:	BID	id:	76492	date:	2015-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2015-004504	date:	2015-09-01T00:00:00
db:	CNNVD	id:	CNNVD-201508-569	date:	2015-08-31T00:00:00
db:	NVD	id:	CVE-2015-4555	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	185e6a3d-806b-4280-97a9-ddba5d0cd26f	date:	2015-09-06T00:00:00
db:	CNVD	id:	CNVD-2015-05790	date:	2015-09-06T00:00:00
db:	BID	id:	76492	date:	2015-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2015-004504	date:	2015-09-01T00:00:00
db:	CNNVD	id:	CNNVD-201508-569	date:	2015-08-31T00:00:00
db:	NVD	id:	CVE-2015-4555	date:	2015-08-30T14:59:02.047