
    6 vulnerabilities found for jboss by jboss

    CVE-2007-1157 (GCVE-0-2007-1157)

    Vulnerability from nvd – Published: 2007-02-27 18:00 – Updated: 2024-08-07 12:43
    Summary
    Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/33142 vdb-entry, x_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilities/32673 vdb-entry, x_refsource_XF
    http://www.securityfocus.com/archive/1/460934/100/0/threaded mailing-list, x_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/461004/100/0/threaded mailing-list, x_refsource_BUGTRAQ
    Date Public
    2007-02-22 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33142",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33142"
              },
              {
                "name": "jboss-jmxconsole-csrf(32673)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32673"
              },
              {
                "name": "20070222 JBoss jmx-console CSRF",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/460934/100/0/threaded"
              },
              {
                "name": "20070223 Re: JBoss jmx-console CSRF",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/461004/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "33142",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33142"
            },
            {
              "name": "jboss-jmxconsole-csrf(32673)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32673"
            },
            {
              "name": "20070222 JBoss jmx-console CSRF",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/460934/100/0/threaded"
            },
            {
              "name": "20070223 Re: JBoss jmx-console CSRF",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/461004/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1157",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33142",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33142"
                },
                {
                  "name": "jboss-jmxconsole-csrf(32673)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32673"
                },
                {
                  "name": "20070222 JBoss jmx-console CSRF",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/460934/100/0/threaded"
                },
                {
                  "name": "20070223 Re: JBoss jmx-console CSRF",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/461004/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1157",
        "datePublished": "2007-02-27T18:00:00.000Z",
        "dateReserved": "2007-02-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2006 (GCVE-0-2005-2006)

    Vulnerability from nvd – Published: 2005-06-20 04:00 – Updated: 2024-08-07 22:15
    Summary
    JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967 vendor-advisory, x_refsource_HP
    http://www.vupen.com/english/advisories/2005/0815 vdb-entry, x_refsource_VUPEN
    http://secunia.com/advisories/15746 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/13985 vdb-entry, x_refsource_BID
    http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html mailing-list, x_refsource_FULLDISC
    http://secunia.com/advisories/17559 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/18789 third-party-advisory, x_refsource_SECUNIA
    http://securitytracker.com/id?1015605 vdb-entry, x_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/440641/100/100/threaded mailing-list, x_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2006/0497 vdb-entry, x_refsource_VUPEN
    http://marc.info/?l=bugtraq&m=111911095424496&w=2 mailing-list, x_refsource_BUGTRAQ
    http://securityreason.com/securityalert/439 third-party-advisory, x_refsource_SREASON
    Date Public
    2005-06-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:15:36.865Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SSRT061108",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
              },
              {
                "name": "ADV-2005-0815",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/0815"
              },
              {
                "name": "15746",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15746"
              },
              {
                "name": "13985",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13985"
              },
              {
                "name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
              },
              {
                "name": "17559",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17559"
              },
              {
                "name": "18789",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18789"
              },
              {
                "name": "1015605",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015605"
              },
              {
                "name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
              },
              {
                "name": "ADV-2006-0497",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0497"
              },
              {
                "name": "20050617 JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=111911095424496\u0026w=2"
              },
              {
                "name": "439",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/439"
              },
              {
                "name": "HPSBMA02096",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a \"%.\" (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SSRT061108",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
            },
            {
              "name": "ADV-2005-0815",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/0815"
            },
            {
              "name": "15746",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15746"
            },
            {
              "name": "13985",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13985"
            },
            {
              "name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
            },
            {
              "name": "17559",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17559"
            },
            {
              "name": "18789",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18789"
            },
            {
              "name": "1015605",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015605"
            },
            {
              "name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
            },
            {
              "name": "ADV-2006-0497",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0497"
            },
            {
              "name": "20050617 JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=111911095424496\u0026w=2"
            },
            {
              "name": "439",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/439"
            },
            {
              "name": "HPSBMA02096",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2006",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a \"%.\" (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SSRT061108",
                  "refsource": "HP",
                  "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
                },
                {
                  "name": "ADV-2005-0815",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/0815"
                },
                {
                  "name": "15746",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15746"
                },
                {
                  "name": "13985",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/13985"
                },
                {
                  "name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
                },
                {
                  "name": "17559",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17559"
                },
                {
                  "name": "18789",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18789"
                },
                {
                  "name": "1015605",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015605"
                },
                {
                  "name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
                },
                {
                  "name": "ADV-2006-0497",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0497"
                },
                {
                  "name": "20050617 JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=111911095424496\u0026w=2"
                },
                {
                  "name": "439",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/439"
                },
                {
                  "name": "HPSBMA02096",
                  "refsource": "HP",
                  "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2006",
        "datePublished": "2005-06-20T04:00:00.000Z",
        "dateReserved": "2005-06-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:15:36.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0845 (GCVE-0-2003-0845)

    Vulnerability from nvd – Published: 2003-10-09 04:00 – Updated: 2024-08-08 02:05
    Summary
    Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/8773 vdb-entry, x_refsource_BID
    http://marc.info/?l=bugtraq&m=106546044416498&w=2 mailing-list, x_refsource_BUGTRAQ
    http://secunia.com/advisories/27914 third-party-advisory, x_refsource_SECUNIA
    http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866 x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300 vdb-entry, signature, x_refsource_OVAL
    http://marc.info/?l=bugtraq&m=106547728803252&w=2 mailing-list, x_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2007-1048.html vendor-advisory, x_refsource_REDHAT
    Date Public
    2003-10-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:05:12.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "8773",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/8773"
              },
              {
                "name": "20031005 JBoss 3.2.1: Remote Command Injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=106546044416498\u0026w=2"
              },
              {
                "name": "27914",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27914"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/docman/display_doc.php?docid=19314\u0026group_id=22866"
              },
              {
                "name": "oval:org.mitre.oval:def:11300",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300"
              },
              {
                "name": "20031006 Update JBoss 308 \u0026 321: Remote Command Injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=106547728803252\u0026w=2"
              },
              {
                "name": "RHSA-2007:1048",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "8773",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/8773"
            },
            {
              "name": "20031005 JBoss 3.2.1: Remote Command Injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=106546044416498\u0026w=2"
            },
            {
              "name": "27914",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27914"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/docman/display_doc.php?docid=19314\u0026group_id=22866"
            },
            {
              "name": "oval:org.mitre.oval:def:11300",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300"
            },
            {
              "name": "20031006 Update JBoss 308 \u0026 321: Remote Command Injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=106547728803252\u0026w=2"
            },
            {
              "name": "RHSA-2007:1048",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0845",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "8773",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/8773"
                },
                {
                  "name": "20031005 JBoss 3.2.1: Remote Command Injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=106546044416498\u0026w=2"
                },
                {
                  "name": "27914",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27914"
                },
                {
                  "name": "http://sourceforge.net/docman/display_doc.php?docid=19314\u0026group_id=22866",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/docman/display_doc.php?docid=19314\u0026group_id=22866"
                },
                {
                  "name": "oval:org.mitre.oval:def:11300",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300"
                },
                {
                  "name": "20031006 Update JBoss 308 \u0026 321: Remote Command Injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=106547728803252\u0026w=2"
                },
                {
                  "name": "RHSA-2007:1048",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0845",
        "datePublished": "2003-10-09T04:00:00.000Z",
        "dateReserved": "2003-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:05:12.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1157 (GCVE-0-2007-1157)

    Vulnerability from cvelistv5 – Published: 2007-02-27 18:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/33142 vdb-entry, x_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.securityfocus.com/archive/1/460934/100… mailing-list, x_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/461004/100… mailing-list, x_refsource_BUGTRAQ
    Date Public
    2007-02-22 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33142",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33142"
              },
              {
                "name": "jboss-jmxconsole-csrf(32673)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32673"
              },
              {
                "name": "20070222 JBoss jmx-console CSRF",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/460934/100/0/threaded"
              },
              {
                "name": "20070223 Re: JBoss jmx-console CSRF",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/461004/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "33142",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33142"
            },
            {
              "name": "jboss-jmxconsole-csrf(32673)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32673"
            },
            {
              "name": "20070222 JBoss jmx-console CSRF",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/460934/100/0/threaded"
            },
            {
              "name": "20070223 Re: JBoss jmx-console CSRF",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/461004/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1157",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33142",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33142"
                },
                {
                  "name": "jboss-jmxconsole-csrf(32673)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32673"
                },
                {
                  "name": "20070222 JBoss jmx-console CSRF",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/460934/100/0/threaded"
                },
                {
                  "name": "20070223 Re: JBoss jmx-console CSRF",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/461004/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1157",
        "datePublished": "2007-02-27T18:00:00.000Z",
        "dateReserved": "2007-02-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2006 (GCVE-0-2005-2006)

    Vulnerability from cvelistv5 – Published: 2005-06-20 04:00 – Updated: 2024-08-07 22:15
    VLAI
    Summary
    JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www1.itrc.hp.com/service/cki/docDisplay.do… vendor-advisory, x_refsource_HP
    http://www.vupen.com/english/advisories/2005/0815 vdb-entry, x_refsource_VUPEN
    http://secunia.com/advisories/15746 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/13985 vdb-entry, x_refsource_BID
    http://archives.neohapsis.com/archives/fulldisclo… mailing-list, x_refsource_FULLDISC
    http://secunia.com/advisories/17559 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/18789 third-party-advisory, x_refsource_SECUNIA
    http://securitytracker.com/id?1015605 vdb-entry, x_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/440641/100… mailing-list, x_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2006/0497 vdb-entry, x_refsource_VUPEN
    http://marc.info/?l=bugtraq&m=111911095424496&w=2 mailing-list, x_refsource_BUGTRAQ
    http://securityreason.com/securityalert/439 third-party-advisory, x_refsource_SREASON
    Date Public
    2005-06-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:15:36.865Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SSRT061108",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
              },
              {
                "name": "ADV-2005-0815",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/0815"
              },
              {
                "name": "15746",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15746"
              },
              {
                "name": "13985",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13985"
              },
              {
                "name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
              },
              {
                "name": "17559",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17559"
              },
              {
                "name": "18789",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18789"
              },
              {
                "name": "1015605",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015605"
              },
              {
                "name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
              },
              {
                "name": "ADV-2006-0497",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0497"
              },
              {
                "name": "20050617 JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=111911095424496\u0026w=2"
              },
              {
                "name": "439",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/439"
              },
              {
                "name": "HPSBMA02096",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a \"%.\" (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SSRT061108",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
            },
            {
              "name": "ADV-2005-0815",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/0815"
            },
            {
              "name": "15746",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15746"
            },
            {
              "name": "13985",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13985"
            },
            {
              "name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
            },
            {
              "name": "17559",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17559"
            },
            {
              "name": "18789",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18789"
            },
            {
              "name": "1015605",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015605"
            },
            {
              "name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
            },
            {
              "name": "ADV-2006-0497",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0497"
            },
            {
              "name": "20050617 JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=111911095424496\u0026w=2"
            },
            {
              "name": "439",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/439"
            },
            {
              "name": "HPSBMA02096",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2006",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a \"%.\" (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SSRT061108",
                  "refsource": "HP",
                  "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
                },
                {
                  "name": "ADV-2005-0815",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/0815"
                },
                {
                  "name": "15746",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15746"
                },
                {
                  "name": "13985",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/13985"
                },
                {
                  "name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
                },
                {
                  "name": "17559",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17559"
                },
                {
                  "name": "18789",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18789"
                },
                {
                  "name": "1015605",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015605"
                },
                {
                  "name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
                },
                {
                  "name": "ADV-2006-0497",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0497"
                },
                {
                  "name": "20050617 JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=111911095424496\u0026w=2"
                },
                {
                  "name": "439",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/439"
                },
                {
                  "name": "HPSBMA02096",
                  "refsource": "HP",
                  "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2006",
        "datePublished": "2005-06-20T04:00:00.000Z",
        "dateReserved": "2005-06-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:15:36.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0845 (GCVE-0-2003-0845)

    Vulnerability from cvelistv5 – Published: 2003-10-09 04:00 – Updated: 2024-08-08 02:05
    VLAI
    Summary
    Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/8773 vdb-entry, x_refsource_BID
    http://marc.info/?l=bugtraq&m=106546044416498&w=2 mailing-list, x_refsource_BUGTRAQ
    http://secunia.com/advisories/27914 third-party-advisory, x_refsource_SECUNIA
    http://sourceforge.net/docman/display_doc.php?doc… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://marc.info/?l=bugtraq&m=106547728803252&w=2 mailing-list, x_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2007-10… vendor-advisory, x_refsource_REDHAT
    Date Public
    2003-10-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:05:12.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "8773",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/8773"
              },
              {
                "name": "20031005 JBoss 3.2.1: Remote Command Injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=106546044416498\u0026w=2"
              },
              {
                "name": "27914",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27914"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/docman/display_doc.php?docid=19314\u0026group_id=22866"
              },
              {
                "name": "oval:org.mitre.oval:def:11300",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300"
              },
              {
                "name": "20031006 Update JBoss 308 \u0026 321: Remote Command Injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=106547728803252\u0026w=2"
              },
              {
                "name": "RHSA-2007:1048",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "8773",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/8773"
            },
            {
              "name": "20031005 JBoss 3.2.1: Remote Command Injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=106546044416498\u0026w=2"
            },
            {
              "name": "27914",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27914"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/docman/display_doc.php?docid=19314\u0026group_id=22866"
            },
            {
              "name": "oval:org.mitre.oval:def:11300",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300"
            },
            {
              "name": "20031006 Update JBoss 308 \u0026 321: Remote Command Injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=106547728803252\u0026w=2"
            },
            {
              "name": "RHSA-2007:1048",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0845",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "8773",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/8773"
                },
                {
                  "name": "20031005 JBoss 3.2.1: Remote Command Injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=106546044416498\u0026w=2"
                },
                {
                  "name": "27914",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27914"
                },
                {
                  "name": "http://sourceforge.net/docman/display_doc.php?docid=19314\u0026group_id=22866",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/docman/display_doc.php?docid=19314\u0026group_id=22866"
                },
                {
                  "name": "oval:org.mitre.oval:def:11300",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300"
                },
                {
                  "name": "20031006 Update JBoss 308 \u0026 321: Remote Command Injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=106547728803252\u0026w=2"
                },
                {
                  "name": "RHSA-2007:1048",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0845",
        "datePublished": "2003-10-09T04:00:00.000Z",
        "dateReserved": "2003-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:05:12.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }