CVSS: 10.0 | EPSS: 5% | CPEs: 2 | EXPL: 0

Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field.

References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=708
http://secunia.com/advisories/30523
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
http://www.securitytracker.com/id?1020189
http://www.vupen.com/english/advisories/2008/1742/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42830

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 | EPSS: 1% | CPEs: 3 | EXPL: 0

Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.

References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
http://secunia.com/advisories/30523
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
http://www.securitytracker.com/id?1020190
http://www.vupen.com/english/advisories/2008/1742/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42829

CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 1% | CPEs: 2 | EXPL: 0

The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.

References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=710
http://secunia.com/advisories/30523
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
http://www.securityfocus.com/bid/29539
http://www.securitytracker.com/id?1020191
http://www.vupen.com/english/advisories/2008/1742/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42833

CWE-287: Improper Authentication

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.

References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706
http://secunia.com/advisories/30523
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
http://www.securityfocus.com/bid/29540
http://www.securitytracker.com/id?1020187
http://www.vupen.com/english/advisories/2008/1742/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42828

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 0

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications.

References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705
http://secunia.com/advisories/30523
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
http://www.securitytracker.com/id?1020186
http://www.vupen.com/english/advisories/2008/1742/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42832

CWE-20: Improper Input Validation