Lucene search

[email protected]CVE-2008-2402

HistoryJun 04, 2008 - 8:32 p.m.

CVE-2008-2402

2008-06-0420:32:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-2402

admin server

sun java

active server pages

asp server

access control

sensitive information

remote attackers

password hashes

configuration data

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.8%

JSON

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.

Affected configurations

NVD

Node

sunjava_asp_serverRange≤4.0.2

sunjava_asp_serverMatch4.0

CPENameOperatorVersion
sun:java_asp_serversun java asp serverle4.0.2
sun:java_asp_serversun java asp servereq4.0

CPE	Name	Operator	Version
sun:java_asp_server	sun java asp server	le	4.0.2
sun:java_asp_server	sun java asp server	eq	4.0

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=706

secunia.com/advisories/30523

sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1

www.securityfocus.com/bid/29540

www.securitytracker.com/id?1020187

www.vupen.com/english/advisories/2008/1742/references

exchange.xforce.ibmcloud.com/vulnerabilities/42828

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.8%

JSON

Related for CVE-2008-2402

nvd1 d21 securityvulns2 prion1 cvelist1 nessus2