Vulnerability Description
The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Parosproxy | Parosproxy | 3.2.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2005-11/0042.html
- http://archives.neohapsis.com/archives/sf/pentest/2005-11/0048.html
- http://securityreason.com/securityalert/147
- http://sourceforge.net/project/shownotes.php?release_id=367666&group_id=84378Patch
- http://www.osvdb.org/20722Patch
- http://archives.neohapsis.com/archives/bugtraq/2005-11/0042.html
- http://archives.neohapsis.com/archives/sf/pentest/2005-11/0048.html
- http://securityreason.com/securityalert/147
- http://sourceforge.net/project/shownotes.php?release_id=367666&group_id=84378Patch
- http://www.osvdb.org/20722Patch
FAQ
What is CVE-2005-4668?
CVE-2005-4668 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through ...
How severe is CVE-2005-4668?
CVE-2005-4668 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4668?
Check the references section above for vendor advisories and patch information. Affected products include: Parosproxy Parosproxy.