5

CVE-2008-2402

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJava Asp Server Version <= 4.0.2
SunJava Asp Server Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.37% 0.954
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/30523
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
Patch
http://www.vupen.com/english/advisories/2008/1742/references
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706
http://www.securityfocus.com/bid/29540
http://www.securitytracker.com/id?1020187
https://exchange.xforce.ibmcloud.com/vulnerabilities/42828