Denial of Service Vulnerability in TIBCO Rendezvous by TIBCO Software
CVE-2007-4161

Currently unrated

Key Information:

Vendor: Tibco
Status: Rendezvous
Vendor: CVE Published:; 3 August 2007

Summary

A vulnerability exists in TIBCO Rendezvous 7.5.2 that may allow remote attackers to trigger a denial of service by exploiting specific wildcard characters in subject names. Omission of the '-no-lead-wc' option can lead to network instability, caused by the presence of an asterisk or a greater-than sign at the beginning of the subject name. This can severely disrupt service availability and integrity.

References

http://www.securitytracker.com/id?1018512

vdb-entryx_refsource_SECTRACK

http://osvdb.org/37681

vdb-entryx_refsource_OSVDB

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Aug 3, 2007
Vulnerability Reserved
Aug 3, 2007