7.5

CVE-2008-2405

Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJava Active Server Pages Version <= 4.0.2
SunJava Active Server Pages Version4.0.0
SunJava Active Server Pages Version4.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.19% 0.864
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/30523
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
http://www.vupen.com/english/advisories/2008/1742/references
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
http://www.securitytracker.com/id?1020190
https://exchange.xforce.ibmcloud.com/vulnerabilities/42829