{ "threat_severity" : "Moderate", "public_date" : "2007-12-04T00:00:00Z", "bugzilla" : { "description" : "OpenOffice.org-base allows Denial-of-Service and command injection", "id" : "299801", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=299801" }, "details" : [ "HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to \"exposing static java methods.\"" ], "affected_release" : [ { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "glassfish-javamail-0:1.4.0-0jpp.ep1.8" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jacorb-0:2.3.0-1jpp.ep1.4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jboss-seam-0:1.2.1-1.ep1.3.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jcommon-0:1.0.12-1jpp.ep1.2.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jfreechart-0:1.0.9-1jpp.ep1.2.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0213", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0213", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0213", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jacorb-0:2.3.0-1jpp.ep1.5.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0213", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0213", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0213", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0213", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0213", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jboss-seam-0:1.2.1-1.ep1.3.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0213", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0213", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jcommon-0:1.0.12-1jpp.ep1.2.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0213", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2008-04-02T00:00:00Z", "advisory" : "RHSA-2008:0213", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1" }, { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2007-12-05T00:00:00Z", "advisory" : "RHSA-2007:1090", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "openoffice.org2-1:2.0.4-5.7.0.3.0" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2007-12-05T00:00:00Z", "advisory" : "RHSA-2007:1048", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "hsqldb-1:1.8.0.4-3jpp.6" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2007-12-05T00:00:00Z", "advisory" : "RHSA-2007:1048", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "openoffice.org-1:2.0.4-5.4.25" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "concurrent-0:1.3.4-7jpp.ep1.6.el4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "glassfish-javamail-0:1.4.0-0jpp.ep1.8" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "glassfish-jstl-0:1.2.0-0jpp.ep1.2" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "jacorb-0:2.3.0-1jpp.ep1.4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "jboss-common-0:1.2.1-0jpp.ep1.2" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "jboss-seam-0:1.2.1-1.ep1.3.el4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "jcommon-0:1.0.12-1jpp.ep1.2.el4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "jfreechart-0:1.0.9-1jpp.ep1.2.el4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4" }, { "product_name" : "Red Hat Web Application Stack for RHEL 4", "release_date" : "2008-03-24T00:00:00Z", "advisory" : "RHSA-2008:0158", "cpe" : "cpe:/a:redhat:rhel_application_stack:1", "package" : "wsdl4j-0:1.6.2-1jpp.ep1.8" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2007-4575\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-4575" ], "name" : "CVE-2007-4575", "csaw" : false }