J2EE SDK PointBase Database SQL Flaw

2003-12-16T06:39:18
ID OSVDB:3072
Type osvdb
Reporter OSVDB
Modified 2003-12-16T06:39:18

Description

Vulnerability Description

Sun J2EE Reference Implementation on Windows contains a flaw that may allow a malicious user to execute arbitrary files on the host. The issue is triggered when specially crafted SQL statements are issued. It is possible that the flaw may allow DoS or information disclosure, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: configure a Security Manager object for PointBase.

References:

Secunia Advisory ID: 10460
Other Advisory URL: http://www.securityfocus.com/archive/1/347706
Bugtraq ID: 9230