Vulnerability Description
Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java Active Server Pages | <= 4.0.2 |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
- http://secunia.com/advisories/30523
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
- http://www.securitytracker.com/id?1020190
- http://www.vupen.com/english/advisories/2008/1742/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42829
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
- http://secunia.com/advisories/30523
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
- http://www.securitytracker.com/id?1020190
- http://www.vupen.com/english/advisories/2008/1742/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42829
FAQ
What is CVE-2008-2405?
CVE-2008-2405 is a vulnerability with a CVSS score of 7.5 (HIGH). Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.
How severe is CVE-2008-2405?
CVE-2008-2405 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2405?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java Active Server Pages.