CVE-2008-2402
 
Severity Score: 5.0 (CVSS v2)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.
Credits: N/A
Timeline
- 2008-05-22 CVE Reserved
- 2008-06-04 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-06 EPSS Updated
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (7)
URL | Tag | Source |
---|---|---|
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706 | Third Party Advisory | |
http://secunia.com/advisories/30523 | Third Party Advisory | |
http://www.securityfocus.com/bid/29540 | Vdb Entry | |
http://www.securitytracker.com/id?1020187 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/1742/references | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/42828 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1 | 2017-08-08 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sun | Java Asp Server | <= 4.0.2 | - | Affected |
Sun | Java Asp Server | 4.0 | - | Affected |