CVE-2008-2405

EUVD-2008-2400
Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
sunjava_active_server_pages
𝑥
≤ 4.0.2
sunjava_active_server_pages
4.0.0
sunjava_active_server_pages
4.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
http://secunia.com/advisories/30523
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
http://www.securitytracker.com/id?1020190
http://www.vupen.com/english/advisories/2008/1742/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42829
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
http://secunia.com/advisories/30523
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
http://www.securitytracker.com/id?1020190
http://www.vupen.com/english/advisories/2008/1742/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42829