4 results

CVSS: 10.0 | EPSS: 1% | CPEs: 3 | EXPL: 0

Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method.

• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=707
  http://secunia.com/advisories/30523
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
  http://www.securityfocus.com/bid/29538
  http://www.securitytracker.com/id?1020188
  http://www.vupen.com/english/advisories/2008/1742/references
  https://exchange.xforce.ibmcloud.com/vulnerabilities/42831

• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 | EPSS: 5% | CPEs: 2 | EXPL: 0

Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field.

• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=708
  http://secunia.com/advisories/30523
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
  http://www.securitytracker.com/id?1020189
  http://www.vupen.com/english/advisories/2008/1742/references
  https://exchange.xforce.ibmcloud.com/vulnerabilities/42830

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 | EPSS: 1% | CPEs: 2 | EXPL: 0

The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.

• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=710
  http://secunia.com/advisories/30523
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
  http://www.securityfocus.com/bid/29539
  http://www.securitytracker.com/id?1020191
  http://www.vupen.com/english/advisories/2008/1742/references
  https://exchange.xforce.ibmcloud.com/vulnerabilities/42833

• CWE-287: Improper Authentication

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.

• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706
  http://secunia.com/advisories/30523
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
  http://www.securityfocus.com/bid/29540
  http://www.securitytracker.com/id?1020187
  http://www.vupen.com/english/advisories/2008/1742/references
  https://exchange.xforce.ibmcloud.com/vulnerabilities/42828

• CWE-264: Permissions, Privileges, and Access Controls