Vulnerability Description
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java Active Server | 4.0.2 |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705
- http://secunia.com/advisories/30523
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
- http://www.securitytracker.com/id?1020186
- http://www.vupen.com/english/advisories/2008/1742/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42832
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705
- http://secunia.com/advisories/30523
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
- http://www.securitytracker.com/id?1020186
- http://www.vupen.com/english/advisories/2008/1742/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42832
FAQ
What is CVE-2008-2401?
CVE-2008-2401 is a vulnerability with a CVSS score of 7.5 (HIGH). The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is include...
How severe is CVE-2008-2401?
CVE-2008-2401 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2401?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java Active Server.