Lucene search

[email protected]CVE-2005-4668

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-4668

2005-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

information security

parosproxy

hsqldb

cve-2005-4668

sql injection

jdk 1.4.2

7.4 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845.

CPENameOperatorVersion
parosproxy:parosproxyparosproxyeq3.2.1
parosproxy:parosproxyparosproxyeq3.2.0
parosproxy:parosproxyparosproxyeq3.2.3
parosproxy:parosproxyparosproxyeq3.2.4
parosproxy:parosproxyparosproxyeq3.2.6
parosproxy:parosproxyparosproxyeq3.2.2
parosproxy:parosproxyparosproxyeq3.2.5

CPE	Name	Operator	Version
parosproxy:parosproxy	parosproxy	eq	3.2.1
parosproxy:parosproxy	parosproxy	eq	3.2.0
parosproxy:parosproxy	parosproxy	eq	3.2.3
parosproxy:parosproxy	parosproxy	eq	3.2.4
parosproxy:parosproxy	parosproxy	eq	3.2.6
parosproxy:parosproxy	parosproxy	eq	3.2.2
parosproxy:parosproxy	parosproxy	eq	3.2.5

References

archives.neohapsis.com/archives/bugtraq/2005-11/0042.html

archives.neohapsis.com/archives/sf/pentest/2005-11/0048.html

securityreason.com/securityalert/147

sourceforge.net/project/shownotes.php?release_id=367666&group_id=84378

www.osvdb.org/20722

7.4 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2005-4668

cve2 nessus3 centos1 redhat1