CVE-2007-5561
CWE-134Published: October 18, 2007· Updated: Jun 16, 2026
Official Description
Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175. NOTE: this might be the same issue as CVE-2007-0282 or CVE-2007-0280, but there are insufficient details to be sure.
Technical Analysis
CVE-2007-5561 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
Official Patches & Advisories
All References (6)
Quick Facts
Related CVEs (CWE-134)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2007-5561 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts