CVE-2007-4575 - Vulnerability Details

HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openoffice	Openoffice
Redhat	Enterprise Linux Jboss Enterprise Application Platform Rhel Application Stack

Configuration 1 [-]

OR	cpe:2.3:a:openoffice:openoffice::::::::
	cpe:2.3:a:openoffice:openoffice:2.0.1:::::::*
	cpe:2.3:a:openoffice:openoffice:2.0.2:::::::*
	cpe:2.3:a:openoffice:openoffice:2.0.3:::::::*
	cpe:2.3:a:openoffice:openoffice:2.0.3_1:::::::*
	cpe:2.3:a:openoffice:openoffice:2.0.4:::::::*
	cpe:2.3:a:openoffice:openoffice:2.0beta:::::::*
	cpe:2.3:a:openoffice:openoffice:2.1:::::::*
	cpe:2.3:a:openoffice:openoffice:2.2:::::::*
	cpe:2.3:a:openoffice:openoffice:2.2.1:::::::*

Package	CPE	Advisory	Released Date
JBEAP 4.2.0 for RHEL 4
glassfish-javamail-0:1.4.0-0jpp.ep1.8	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jcommon-0:1.0.12-1jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jfreechart-0:1.0.9-1jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jgroups-1:2.4.1-1.SP4.0jpp.ep1.2	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
JBEAP 4.2.0 for RHEL 5
hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.5.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jcommon-0:1.0.12-1jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jfreechart-0:1.0.9-1jpp.ep1.2.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
Red Hat Enterprise Linux 4
openoffice.org2-1:2.0.4-5.7.0.3.0	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:1090	2007-12-05T00:00:00Z
Red Hat Enterprise Linux 5
hsqldb-1:1.8.0.4-3jpp.6	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:1048	2007-12-05T00:00:00Z
openoffice.org-1:2.0.4-5.4.25	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:1048	2007-12-05T00:00:00Z
Red Hat Web Application Stack for RHEL 4
concurrent-0:1.3.4-7jpp.ep1.6.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
glassfish-javamail-0:1.4.0-0jpp.ep1.8	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
glassfish-jstl-0:1.2.0-0jpp.ep1.2	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jboss-common-0:1.2.1-0jpp.ep1.2	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.3.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jcommon-0:1.0.12-1jpp.ep1.2.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jfreechart-0:1.0.9-1jpp.ep1.2.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jgroups-1:2.4.1-1.SP4.0jpp.ep1.2	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
wsdl4j-0:1.6.2-1jpp.ep1.8	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=200771
http://bugs.gentoo.org/show_bug.cgi?id=201799
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.html
http://secunia.com/advisories/27914
http://secunia.com/advisories/27916
http://secunia.com/advisories/27928
http://secunia.com/advisories/27931
http://secunia.com/advisories/27972
http://secunia.com/advisories/28018
http://secunia.com/advisories/28039
http://secunia.com/advisories/28286
http://secunia.com/advisories/28585
http://secunia.com/advisories/30100
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103141-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200637-1
http://www.debian.org/security/2007/dsa-1419
http://www.gentoo.org/security/en/glsa/glsa-200712-25.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:095
http://www.openoffice.org/security/cves/CVE-2007-4575.html
http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.html
http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.html
http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.html
http://www.redhat.com/support/errata/RHSA-2007-1048.html
http://www.redhat.com/support/errata/RHSA-2007-1090.html
http://www.redhat.com/support/errata/RHSA-2008-0151.html
http://www.redhat.com/support/errata/RHSA-2008-0158.html
http://www.redhat.com/support/errata/RHSA-2008-0213.html
http://www.securityfocus.com/bid/26703
http://www.securitytracker.com/id?1019041
http://www.ubuntu.com/usn/usn-609-1
http://www.vupen.com/english/advisories/2007/4092
http://www.vupen.com/english/advisories/2007/4146
https://exchange.xforce.ibmcloud.com/vulnerabilities/38882
https://nvd.nist.gov/vuln/detail/CVE-2007-4575
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10153
https://www.cve.org/CVERecord?id=CVE-2007-4575
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00678.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00753.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-12-06T02:00:00

Updated: 2024-08-07T15:01:09.752Z

Reserved: 2007-08-28T00:00:00

Link: CVE-2007-4575

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-12-06T02:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4575

Redhat

Severity : Moderate

Publid Date: 2007-12-04T00:00:00Z

Links: CVE-2007-4575 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to \"exposing static java methods.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "28585", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28585"}, {"name": "RHSA-2008:0213", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"}, {"name": "28018", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28018"}, {"name": "ADV-2007-4146", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/4146"}, {"name": "200637", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200637-1"}, {"name": "26703", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26703"}, {"name": "GLSA-200712-25", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200712-25.xml"}, {"name": "openoffice-hsqldb-code-execution(38882)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38882"}, {"name": "FEDORA-2007-4119", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00753.html"}, {"name": "RHSA-2008:0151", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"}, {"name": "oval:org.mitre.oval:def:10153", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10153"}, {"name": "27914", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27914"}, {"name": "27972", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27972"}, {"name": "30100", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30100"}, {"name": "MDVSA-2008:095", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:095"}, {"name": "SUSE-SA:2007:067", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.html"}, {"name": "27916", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27916"}, {"name": "28286", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28286"}, {"name": "DSA-1419", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1419"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=201799"}, {"name": "27928", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27928"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=200771"}, {"name": "ADV-2007-4092", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/4092"}, {"name": "28039", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28039"}, {"name": "1019041", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019041"}, {"name": "RHSA-2007:1090", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1090.html"}, {"name": "27931", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27931"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openoffice.org/security/cves/CVE-2007-4575.html"}, {"name": "FEDORA-2007-762", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.html"}, {"name": "RHSA-2008:0158", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"}, {"name": "FEDORA-2007-4171", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00678.html"}, {"name": "FEDORA-2007-4120", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.html"}, {"name": "RHSA-2007:1048", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html"}, {"name": "USN-609-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-609-1"}, {"name": "103141", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103141-1"}, {"name": "FEDORA-2007-4172", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:01:09.752Z"}, "title": "CVE Program Container", "references": [{"name": "28585", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28585"}, {"name": "RHSA-2008:0213", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"}, {"name": "28018", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28018"}, {"name": "ADV-2007-4146", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/4146"}, {"name": "200637", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200637-1"}, {"name": "26703", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26703"}, {"name": "GLSA-200712-25", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200712-25.xml"}, {"name": "openoffice-hsqldb-code-execution(38882)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38882"}, {"name": "FEDORA-2007-4119", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00753.html"}, {"name": "RHSA-2008:0151", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"}, {"name": "oval:org.mitre.oval:def:10153", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10153"}, {"name": "27914", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27914"}, {"name": "27972", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27972"}, {"name": "30100", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30100"}, {"name": "MDVSA-2008:095", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:095"}, {"name": "SUSE-SA:2007:067", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.html"}, {"name": "27916", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27916"}, {"name": "28286", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28286"}, {"name": "DSA-1419", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1419"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=201799"}, {"name": "27928", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27928"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=200771"}, {"name": "ADV-2007-4092", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/4092"}, {"name": "28039", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28039"}, {"name": "1019041", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019041"}, {"name": "RHSA-2007:1090", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1090.html"}, {"name": "27931", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27931"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openoffice.org/security/cves/CVE-2007-4575.html"}, {"name": "FEDORA-2007-762", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.html"}, {"name": "RHSA-2008:0158", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"}, {"name": "FEDORA-2007-4171", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00678.html"}, {"name": "FEDORA-2007-4120", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.html"}, {"name": "RHSA-2007:1048", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html"}, {"name": "USN-609-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-609-1"}, {"name": "103141", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103141-1"}, {"name": "FEDORA-2007-4172", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-4575", "datePublished": "2007-12-06T02:00:00", "dateReserved": "2007-08-28T00:00:00", "dateUpdated": "2024-08-07T15:01:09.752Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openoffice:openoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "F80EC95A-068C-42E4-90E5-ADC8909A524E", "versionEndIncluding": "2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:openoffice:openoffice:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1FA089E1-3B23-47FA-84BB-81225AD200EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:openoffice:openoffice:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "021D5A76-3F8E-4BBC-8776-D8E13F70D26F", "vulnerable": true}, {"criteria": "cpe:2.3:a:openoffice:openoffice:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "259A4F6F-6B35-47E1-BB89-44542D488FC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openoffice:openoffice:2.0.3_1:*:*:*:*:*:*:*", "matchCriteriaId": "4369D217-E2BF-4750-A34F-DE94546A799E", "vulnerable": true}, {"criteria": "cpe:2.3:a:openoffice:openoffice:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D11A4605-D643-43D1-B1B0-6086C627A23D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openoffice:openoffice:2.0beta:*:*:*:*:*:*:*", "matchCriteriaId": "0F481B66-0301-41B4-AABC-16FA0ACAE0CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:openoffice:openoffice:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7754374-47F9-4F80-A40A-56DF0ACE490A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openoffice:openoffice:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19A804F4-915A-46FC-8003-022319FA67EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:openoffice:openoffice:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B69AC9F-01A9-4A00-96ED-B38C29F958DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to \"exposing static java methods.\""}, {"lang": "es", "value": "HSQLDB versiones anteriores a 1.8.0.9, como es usado en OpenOffice.org (OOo) versiones 2 anteriores a 2.3.1, permite a los atacantes remotos asistidos por el usuario ejecutar c\u00f3digo Java arbitrario por medio de documentos de base de datos dise\u00f1ados relacionados con \"exposing static java methods\"."}], "id": "CVE-2007-4575", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-12-06T02:46:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=200771"}, {"source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=201799"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27914"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27916"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27928"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27931"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27972"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28018"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28039"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28286"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28585"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30100"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103141-1"}, {"source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200637-1"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2007/dsa-1419"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200712-25.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:095"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.openoffice.org/security/cves/CVE-2007-4575.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-1090.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/26703"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1019041"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-609-1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/4092"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/4146"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38882"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10153"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00678.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00753.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=200771"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=201799"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27914"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27931"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27972"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28018"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28286"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28585"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30100"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103141-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200637-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1419"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200712-25.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:095"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.openoffice.org/security/cves/CVE-2007-4575.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-1090.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/26703"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-609-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/4092"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/4146"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38882"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10153"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00678.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00753.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "glassfish-javamail-0:1.4.0-0jpp.ep1.8", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jacorb-0:2.3.0-1jpp.ep1.4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-seam-0:1.2.1-1.ep1.3.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jcommon-0:1.0.12-1jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jfreechart-0:1.0.9-1jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jacorb-0:2.3.0-1jpp.ep1.5.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-seam-0:1.2.1-1.ep1.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jcommon-0:1.0.12-1jpp.ep1.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2007:1090", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "openoffice.org2-1:2.0.4-5.7.0.3.0", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-12-05T00:00:00Z"}, {"advisory": "RHSA-2007:1048", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "hsqldb-1:1.8.0.4-3jpp.6", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-12-05T00:00:00Z"}, {"advisory": "RHSA-2007:1048", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "openoffice.org-1:2.0.4-5.4.25", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-12-05T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "concurrent-0:1.3.4-7jpp.ep1.6.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "glassfish-javamail-0:1.4.0-0jpp.ep1.8", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "glassfish-jstl-0:1.2.0-0jpp.ep1.2", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jacorb-0:2.3.0-1jpp.ep1.4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jboss-common-0:1.2.1-0jpp.ep1.2", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jboss-seam-0:1.2.1-1.ep1.3.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jcommon-0:1.0.12-1jpp.ep1.2.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jfreechart-0:1.0.9-1jpp.ep1.2.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "wsdl4j-0:1.6.2-1jpp.ep1.8", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}], "bugzilla": {"description": "OpenOffice.org-base allows Denial-of-Service and command injection", "id": "299801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=299801"}, "csaw": false, "details": ["HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to \"exposing static java methods.\""], "name": "CVE-2007-4575", "public_date": "2007-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-4575\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-4575"], "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object