Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2403

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-2403
Last Modified 07 Mar 2011 10:09:08
Published 04 Jun 2008 04:32:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2403

Summary

Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method.

Vulnerable Systems

Application

  • Sun Java Asp Server 4.0

  • Sun Java Asp Server 4.0.1

  • Sun Java Asp Server 4.0.2


References

SUNALERT - 238184

XF - sun-jsasp-directory-traversal(42831)

VUPEN - ADV-2008-1742

BID - 29538

SECUNIA - 30523

IDEFENSE - 20080603 Sun Java System Active Server Pages Multiple Directory Traversal Vulnerabilities

SECTRACK - 1020188


Last Updated: 27 May 2016 10:47:51