Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4668

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2005-4668
Last Modified 05 Sep 2008 04:57:29
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4668

Summary

The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845.

Vulnerable Systems

Application

  • Parosproxy 3.2.0

  • Parosproxy 3.2.1

  • Parosproxy 3.2.2

  • Parosproxy 3.2.3

  • Parosproxy 3.2.4

  • Parosproxy 3.2.5

  • Parosproxy 3.2.6


References

OSVDB - 20722

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=367666&group_id=84378

MLIST - [Pen-Test] 20051104 Paros 3.2.7 release

BUGTRAQ - 20051104 Parosproxy 3.2.6: Local Exploitation, Command injection vulnerability

SREASON - 147


Last Updated: 27 May 2016 10:41:23