CVE-2003-0845
published 2003-11-17CVE-2003-0845: Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote…
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
15.06%
96.3th percentile
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jboss | jboss | — | — |
| jboss | jboss | — | — |
| jboss | jbpm | — | — |
| parosproxy | parosproxy | — | — |
| parosproxy | parosproxy | — | — |
| parosproxy | parosproxy | — | — |
| parosproxy | parosproxy | — | — |
| parosproxy | parosproxy | — | — |
| parosproxy | parosproxy | — | — |
| parosproxy | parosproxy | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jqq3-hf48-hmvm: A regression error in the embedded HSQLDB in JBoss jBPM 2
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-2158 [HIGH] GHSA-jqq3-hf48-hmvm: A regression error in the embedded HSQLDB in JBoss jBPM 2
A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845.
GHSA
GHSA-f428-825j-hwjh: The embedded HSQLDB in ParosProxy before 3
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-4668 [HIGH] GHSA-f428-825j-hwjh: The embedded HSQLDB in ParosProxy before 3
The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845.
GHSA
GHSA-6rm7-5fjj-275w: Unknown vulnerability in the HSQLDB component in JBoss 3
ghsa_unreviewed·2022-04-29
CVE-2003-0845 [HIGH] CWE-89 GHSA-6rm7-5fjj-275w: Unknown vulnerability in the HSQLDB component in JBoss 3
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
Red Hat
JBoss HSQLDB component remote command injection
vendor_redhat·2003-10-05·CVSS 7.5
CVE-2003-0845 [HIGH] JBoss HSQLDB component remote command injection
JBoss HSQLDB component remote command injection
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
No detection rules found.
http://marc.info/?l=bugtraq&m=106546044416498&w=2http://marc.info/?l=bugtraq&m=106547728803252&w=2http://secunia.com/advisories/27914http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866http://www.redhat.com/support/errata/RHSA-2007-1048.htmlhttp://www.securityfocus.com/bid/8773https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300http://marc.info/?l=bugtraq&m=106546044416498&w=2http://marc.info/?l=bugtraq&m=106547728803252&w=2http://secunia.com/advisories/27914http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866http://www.redhat.com/support/errata/RHSA-2007-1048.htmlhttp://www.securityfocus.com/bid/8773https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300
2003-11-17
Published