Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2008-2402
Last Modified 07 Mar 2011 10:09:08
Published 04 Jun 2008 04:32:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2402

Summary

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.

Vulnerable Systems

Application

  • Sun Java Asp Server 4.0

  • Sun Java Asp Server 4.0.2


References

SUNALERT - 238184

XF - sunjava-active-password-info-disclosure(42828)

VUPEN - ADV-2008-1742

BID - 29540

SECUNIA - 30523

IDEFENSE - 20080603 Sun Java System Active Server Pages Information Disclosure Vulnerability

SECTRACK - 1020187


Last Updated: 27 May 2016 10:47:51