CVE-2008-2402

CWE-2643 documents3 sources
Severity
5.0MEDIUM
EPSS
0.4%
top 39.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SUN Java ASP Server
Timeline
PublishedJun 4
Latest updateMay 1

Description

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDsun/java_asp_server4.0.2+1

Patches

Patch: sunsolve.sun.comPatch: sunsolve.sun.com

🔴Vulnerability Details

2
GHSA
GHSA-9wrf-3x99-v8v2: The Admin Server in Sun Java Active Server Pages (ASP) Server before 42022-05-01
CVEList
CVE-2008-2402: The Admin Server in Sun Java Active Server Pages (ASP) Server before 42008-06-04
CVE-2008-2402 (MEDIUM CVSS 5) | The Admin Server in Sun Java Active | cvebase.io