Rendezvous < 7.5.1 HTTP Admin Interface Remote Overflow

high Nessus Plugin ID 21677

Synopsis

The remote server is prone to a buffer overflow attack.

Description

The remote host appears to be running Rendezvous, a commercial messaging software product used for building distributed applications.

According to its banner, several components of the version of Rendezvous installed on the remote host contain a buffer overflow vulnerability in the HTTP administrative interface. The flaw may allow arbitrary code execution with the privileges of the user that invoked the daemon, or with those of 'nobody' if the remote system is 'unix' and the invoking user was 'root'.

Solution

Upgrade to Rendezvous 7.5.1 or later.

See Also

https://www.tibco.com/support/advisories/2006/06/tibco-security-advisory-june-5-2006-tibco-rendezvous

Plugin Details

Severity: High

ID: 21677

File Name: rendezvous_751.nasl

Version: 1.22

Type: remote

Published: 6/10/2006

Updated: 9/21/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:tibco:rendezvous

Exploit Ease: No known exploits are available

Patch Publication Date: 6/5/2006

Vulnerability Publication Date: 6/5/2006

Reference Information

CVE: CVE-2006-2830

BID: 18301

CERT: 999884