National Cyber-Alert System
Vulnerability Summary: CVE-2003-0845
Orirignal release date: 2003-11-17
Source: US-CERT/NIST

Overview

    Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.

Impact

    CVSS Severity: 10 (High)
    Range: remote
    Authentication: other
    Impact Type: avail,conf,int,sec_prot other="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    JBoss (JBoss Group)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0845