CVE-2008-2402

EUVD-2008-2397
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
sunjava_asp_server
𝑥
≤ 4.0.2
sunjava_asp_server
4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706
http://secunia.com/advisories/30523
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
http://www.securityfocus.com/bid/29540
http://www.securitytracker.com/id?1020187
http://www.vupen.com/english/advisories/2008/1742/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42828
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706
http://secunia.com/advisories/30523
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
http://www.securityfocus.com/bid/29540
http://www.securitytracker.com/id?1020187
http://www.vupen.com/english/advisories/2008/1742/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42828