Vulnerability Details : CVE-2003-0845
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
Vulnerability category: SQL Injection, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2003-0845
Probability of exploitation activity in the next 30 days: 10.90%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 %
CVSS scores for CVE-2003-0845
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2003-0845
- The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2003-0845
- http://www.redhat.com/support/errata/RHSA-2007-1048.html (Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300 (Tool Signature)
- http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866 (Broken Link)
- http://www.securityfocus.com/bid/8773 (Patch; Third Party Advisory; VDB Entry; Vendor Advisory)
- http://marc.info/?l=bugtraq&m=106547728803252&w=2 (Mailing List; Third Party Advisory)
- http://marc.info/?l=bugtraq&m=106546044416498&w=2 (Mailing List; Third Party Advisory)
Products affected by CVE-2003-0845
- cpe:2.3:a:jboss:jboss:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss:3.2.1:*:*:*:*:*:*:*