ID CVE-2005-4668
Summary The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary commands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845.
References
Vulnerable Configurations
  • cpe:2.3:a:parosproxy:parosproxy:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:parosproxy:parosproxy:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:parosproxy:parosproxy:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:parosproxy:parosproxy:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:parosproxy:parosproxy:3.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:parosproxy:parosproxy:3.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:parosproxy:parosproxy:3.2.6:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 05-09-2008 - 20:57)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20051104 Parosproxy 3.2.6: Local Exploitation, Command injection vulnerability
confirm http://sourceforge.net/project/shownotes.php?release_id=367666&group_id=84378
mlist [Pen-Test] 20051104 Paros 3.2.7 release
osvdb 20722
sreason 147
Last major update 05-09-2008 - 20:57
Published 31-12-2005 - 05:00
Last modified 05-09-2008 - 20:57