{"api_version":"1","generated_at":"2026-04-23T09:37:57+00:00","cve":"CVE-2003-0845","urls":{"html":"https://cve.report/CVE-2003-0845","api":"https://cve.report/api/cve/CVE-2003-0845.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2003-0845","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2003-0845"},"summary":{"title":"CVE-2003-0845","description":"Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.","state":"PUBLISHED","assigner":"mitre","published_at":"2003-11-17 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["CWE-89","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Tool Signature"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27914","name":"http://secunia.com/advisories/27914","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable"],"title":"Red Hat update for openoffice.org and hsqldb - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/8773","name":"http://www.securityfocus.com/bid/8773","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry","Vendor Advisory"],"title":"JBoss HSQLDB Remote Command Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-1048.html","name":"http://www.redhat.com/support/errata/RHSA-2007-1048.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=106547728803252&w=2","name":"http://marc.info/?l=bugtraq&m=106547728803252&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866","name":"http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"SourceForge.net: Restricting remote access to hsqldb","mime":"text/html","httpstatus":"400","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=106546044416498&w=2","name":"http://marc.info/?l=bugtraq&m=106546044416498&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2003-0845","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2003-0845","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2003","cve_id":"845","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jboss","cpe5":"jboss","cpe6":"3.0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"845","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jboss","cpe5":"jboss","cpe6":"3.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T02:05:12.637Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"8773","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/8773"},{"name":"20031005 JBoss 3.2.1: Remote Command Injection","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=106546044416498&w=2"},{"name":"27914","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/27914"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866"},{"name":"oval:org.mitre.oval:def:11300","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300"},{"name":"20031006 Update JBoss 308 & 321: Remote Command Injection","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=106547728803252&w=2"},{"name":"RHSA-2007:1048","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2007-1048.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2003-10-05T00:00:00.000Z","descriptions":[{"lang":"en","value":"Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-10-10T00:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"8773","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/8773"},{"name":"20031005 JBoss 3.2.1: Remote Command Injection","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=106546044416498&w=2"},{"name":"27914","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/27914"},{"tags":["x_refsource_CONFIRM"],"url":"http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866"},{"name":"oval:org.mitre.oval:def:11300","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300"},{"name":"20031006 Update JBoss 308 & 321: Remote Command Injection","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=106547728803252&w=2"},{"name":"RHSA-2007:1048","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2007-1048.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2003-0845","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"8773","refsource":"BID","url":"http://www.securityfocus.com/bid/8773"},{"name":"20031005 JBoss 3.2.1: Remote Command Injection","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=106546044416498&w=2"},{"name":"27914","refsource":"SECUNIA","url":"http://secunia.com/advisories/27914"},{"name":"http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866","refsource":"CONFIRM","url":"http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866"},{"name":"oval:org.mitre.oval:def:11300","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300"},{"name":"20031006 Update JBoss 308 & 321: Remote Command Injection","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=106547728803252&w=2"},{"name":"RHSA-2007:1048","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2007-1048.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2003-0845","datePublished":"2003-10-09T04:00:00.000Z","dateReserved":"2003-10-08T00:00:00.000Z","dateUpdated":"2024-08-08T02:05:12.637Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2003-11-17 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["CWE-89","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jboss:jboss:3.0.8:*:*:*:*:*:*:*","matchCriteriaId":"02A49CA7-EA0B-43CA-B964-D28B14003CF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:jboss:jboss:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"4F77BAF8-2933-405D-AAAC-9B5FE4D9F66F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2003","CveId":"845","Ordinal":"1","Title":"CVE-2003-0845","CVE":"CVE-2003-0845","Year":"2003"},"notes":[{"CveYear":"2003","CveId":"845","Ordinal":"1","NoteData":"Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.","Type":"Description","Title":"CVE-2003-0845"},{"CveYear":"2003","CveId":"845","Ordinal":"2","NoteData":"2003-10-09","Type":"Other","Title":"Published"},{"CveYear":"2003","CveId":"845","Ordinal":"3","NoteData":"2017-10-09","Type":"Other","Title":"Modified"}]}}}