Remote Code Execution and Information Disclosure in PointBase Database Component by Sun Microsystems
CVE-2003-1573

Currently unrated

Key Information:

Vendor: Oracle
Status: J2ee
Vendor: CVE Published:; 1 June 2009

Summary

The PointBase 4.6 database component within the J2EE 1.4 reference implementation is susceptible to vulnerabilities that allow unauthorized execution of arbitrary commands, potential denial of service scenarios, and exposure of sensitive data. This results from inadequate security configurations and specific library bugs found within the 'sun.' and 'org.apache.' Java packages. Attackers can exploit these flaws using crafted SQL statements, leading to severe security breaches.

References

http://archives.neohapsis.com/archives/bugtraq/2004-01/01...

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/10460

third-party-advisoryx_refsource_SECUNIA

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Jun 1, 2009
Vulnerability Reserved
Jun 1, 2009