10.1.3.1

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

apache

NVD

Published: 2007-07-05

Updated: 2008-09-05

Summary

Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Derby 10.1.1.0 Apache Derby 10.1.2.1 Apache Derby 10.1.3.1	3

References

http://db.apache.org/derby/releases/release-10.2.1.6.html
http://issues.apache.org/jira/browse/DERBY-1708