Bug 409891 (CVE-2003-0845)

Summary: CVE-2003-0845 JBoss HSQLDB component remote command injection
Product: [Other] Security Response
Reporter: Marc Schoenefeld <mschoene>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: dbhole, djorm, kreilly, patrickm, security-response-team
Keywords: Security
Hardware: All
OS: Linux
Whiteboard: source=bugtraq,reported=20031005,public=20031005,impact=moderate
Doc Type: Bug Fix
Last Closed: 2013-07-29 07:59:21 UTC
Bug Depends On: 409901, 409921

Description Marc Schoenefeld 2007-12-04 08:49:14 UTC
The hsqldb component in JBoss is vulnerable when running in the default
configuration and allows remote attackers to conduct unauthorized activities and
possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701
in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.