CVE-2003-0845

Current Description

Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.

Referenced by CVEs: CVE-2005-2158, CVE-2005-4668

Basic Data

Published: November 17, 2003
Last Modified: March 24, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-89
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
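    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Jboss | Jboss | 3.0.8 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Jboss | Jboss | 3.2.1 | * | * | * | * | * | * | * | | | | |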

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Jboss | Jboss | 3.0.8, 3.2.1 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 20031005 JBoss 3.2.1: Remote Command Injection | BUGTRAQ | http://marc.info/?l=bugtraq&m=106546044416498&w=2 | Mailing List, Third Party Advisory |
| 20031006 Update JBoss 308 & 321: Remote Command Injection | BUGTRAQ | http://marc.info/?l=bugtraq&m=106547728803252&w=2 | Mailing List, Third Party Advisory |
| 27914 | SECUNIA | http://secunia.com/advisories/27914 | Not Applicable |
| http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866 | CONFIRM | http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866 | Broken Link |
| RHSA-2007:1048 | REDHAT | http://www.redhat.com/support/errata/RHSA-2007-1048.html | Third Party Advisory |
| 8773 | BID | http://www.securityfocus.com/bid/8773 | PATCH, Third Party Advisory, VDB Entry, Vendor Advisory |
| oval:org.mitre.oval:def:11300 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300 | Tool Signature |