CVE-2003-0845
JBoss 3.0.8/3.2.1 - HSQLDB Remote Command Injection
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
Vulnerabilidad desconocida en el componenete HSQLDB en JBoss 3.2.1 y 3.0.8 en plataformas Java 1.4.x, cuando corre con la configuración por defecto, permite a atacantes remotos llevar a cabo actividades no autorizadas y posiblemente ejecutar código arbitrario mediante ciertas sentecias SQL a los puertos TCP 1701 en JBoss 3.2.1 y 1476 en JBoss 3.0.8
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2003-10-06 First Exploit
- 2003-10-08 CVE Reserved
- 2003-10-09 CVE Published
- 2023-10-24 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=106546044416498&w=2 | Mailing List | |
| http://marc.info/?l=bugtraq&m=106547728803252&w=2 | Mailing List | |
| http://secunia.com/advisories/27914 | Not Applicable | |
| http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866 | Broken Link | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/23221 | 2003-10-06 |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/8773 | 2020-03-24 |
| URL | Date | SRC |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2007-1048.html | 2020-03-24 | |
| https://access.redhat.com/security/cve/CVE-2003-0845 | 2007-12-05 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=409891 | 2007-12-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Jboss Search vendor "Jboss" | Jboss Search vendor "Jboss" for product "Jboss" | 3.0.8 Search vendor "Jboss" for product "Jboss" and version "3.0.8" | - |
Affected
| ||||||
| Jboss Search vendor "Jboss" | Jboss Search vendor "Jboss" for product "Jboss" | 3.2.1 Search vendor "Jboss" for product "Jboss" and version "3.2.1" | - |
Affected
| ||||||