[Original] The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary commands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845.
ParosProxy contains a flaw that may allow a malicious user to inject arbitrary commands in the embedded HSQLDB. The issue is triggered when a local user submits a specially crafted request via JDBC on TCP port 9001. It is possible that the flaw may allow injection of arbitrary commands resulting in a loss of integrity.
-
Timeline
2005-11-04
Unknown
2005-11-04
Unknown
-
Solution
Upgrade to version 3.2.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.