CVE-2003-0845

JBoss <3.2.1-3.0.8 - RCE

Title source: llm

Description

Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Marc Schoenefeld · textremotemultiple

https://www.exploit-db.com/exploits/23221

View Code ZIP pw:eip

References (7)

[Mailing List, Third Party Advisory] http://marc.info/?l=bugtraq&m=106546044416498&w=2

[Mailing List, Third Party Advisory] http://marc.info/?l=bugtraq&m=106547728803252&w=2

[Not Applicable] http://secunia.com/advisories/27914

[Broken Link] http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866

[Third Party Advisory] http://www.redhat.com/support/errata/RHSA-2007-1048.html

[Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/8773

[Tool Signature] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300

Scores

EPSS 0.1670

EPSS Percentile 94.8%

Classification

CWE

CWE-89

Status draft

Affected Products (2)

jboss/jboss

jboss/jboss

Timeline

Published Nov 17, 2003

Tracked Since Feb 18, 2026