Lucene search

[email protected]CVE-2008-2406

HistoryJun 04, 2008 - 8:32 p.m.

CVE-2008-2406

2008-06-0420:32:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2008-2406

sun java

asp server

authentication bypass

tcp port 5102

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.4%

JSON

The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.

Affected configurations

NVD

Node

sunjava_asp_serverRange≤4.0.2

sunjava_asp_serverMatch4.0

CPENameOperatorVersion
sun:java_asp_serversun java asp serverle4.0.2
sun:java_asp_serversun java asp servereq4.0

CPE	Name	Operator	Version
sun:java_asp_server	sun java asp server	le	4.0.2
sun:java_asp_server	sun java asp server	eq	4.0

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=710

secunia.com/advisories/30523

sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1

www.securityfocus.com/bid/29539

www.securitytracker.com/id?1020191

www.vupen.com/english/advisories/2008/1742/references

exchange.xforce.ibmcloud.com/vulnerabilities/42833

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.4%

JSON

Related for CVE-2008-2406

cvelist1 securityvulns2 prion1 nvd1 nessus1