Information Disclosure in Sun Java Active Server Pages Server
CVE-2008-2402

Currently unrated

Key Information:

Vendor

Oracle
Status
Java Asp Server
Vendor
CVE Published:
4 June 2008

What is CVE-2008-2402?

The Admin Server in Sun Java Active Server Pages (ASP) Server versions prior to 4.0.3 contains a significant information disclosure flaw. This vulnerability permits remote attackers to access sensitive information, such as password hashes and critical configuration data, by submitting direct requests for specific documents. The flaw stems from inadequate access control measures that allow unauthorized users to exploit this weakness, effectively compromising the integrity and security of the web server.

References

http://labs.idefense.com/intelligence/vulnerabilities/dis...
third-party-advisoryx_refsource_IDEFENSE
http://www.securitytracker.com/id?1020187
vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/42828
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.