CVE-2008-2404

CVE-2008-2404 affects Sun Java System Active Server Pages (ASP) Server prior to 4.0.3. The issue is a stack-based buffer overflow in the request handling code that allows remote code execution via an unspecified string field. Exploitation is described as possible from the web context, with no aut...

CVE-2008-2406

The CVE-2008-2406 issue affects Sun Java System Active Server Pages (ASP) Server prior to 4.0.3. The vulnerability allows remote attackers to bypass authentication by sending direct requests to the administration server, which listens on TCP port 5102, enabling unauthorized access to the administ...

CVE-2008-2402

CVE-2008-2402 involves Sun Java System Active Server Pages (ASP) Server prior to 4.0.3. The Admin Server stores sensitive information under the web root with insufficient access control, allowing remote attackers to read password hashes and configuration data via direct requests for unspecified d...

CVE-2008-2403

Sun Java System Active Server Pages (ASP) Server before 4.0.3 contains multiple directory traversal vulnerabilities in ASP applications that allow remote attackers to read or delete arbitrary files by supplying a dot-dot sequence in the Path parameter to MapPath. Affected software is the Sun Java...