Vulnerability CVE-2008-2402


Published: 2008-06-04   Modified: 2012-02-12

Description:
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
SUN -> Java asp server 

 References:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
http://xforce.iss.net/xforce/xfdb/42828
http://www.vupen.com/english/advisories/2008/1742/references
http://www.securityfocus.com/bid/29540
http://secunia.com/advisories/30523
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706
http://www.securitytracker.com/id?1020187

Copyright 2024, cxsecurity.com

 

Back to Top