CVE-2003-0845 — Vulnetix

CVE-2003-0845 PUBLISHED CVSS 7.5 HIGH

Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.

EPSS 16.70% · 95.1th percentile

Risk Scores

CVSS 2.0

7.5

EPSS Score

16.70%

95.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
jboss	jboss	3.0.8, 3.2.1

Exploit Intelligence

8773 (circl)
20031005 JBoss 3.2.1: Remote Command Injection (circl)
27914 (circl)
http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866 (circl)
oval:org.mitre.oval:def:11300 (circl)
20031006 Update JBoss 308 & 321: Remote Command Injection (circl)
RHSA-2007:1048 (circl)

Timeline

Oct 9, 2003 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Apr 29, 2022 CVE Updated
May 20, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 17, 2023 EPSS Score

References

8773 vdb
20031005 JBoss 3.2.1: Remote Command Injection mailing-list
27914 third-party-advisory
http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866 url
oval:org.mitre.oval:def:11300 vdb
20031006 Update JBoss 308 & 321: Remote Command Injection mailing-list
RHSA-2007:1048 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2003-0845 advisory

Open in Interactive Console →