Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1573

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-1573
Last Modified 02 Jun 2009 12:00:00
Published 01 Jun 2009 06:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1573

Summary

The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."

Vulnerable Systems

Application

  • Sun J2ee 1.4


References

XF - j2ee-pointbase-sql-injection(14008)

XF - pointbase-command-execution(14883)

XF - pointbase-information-disclosure(14882)

XF - pointbase-insecure-permissions-dos(14881)

BID - 9230

SECTRACK - 1008491

SECUNIA - 10460

BUGTRAQ - 20031216 J2EE 1.4 reference implementation: database component allows remote code execution

FULLDISC - 20040118 Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB


Last Updated: 27 May 2016 10:38:25