CVE-2008-2402

Currently unrated

Key Information:

Vendor: Oracle
Status: Java Asp Server
Vendor: CVE Published:; 4 June 2008

Summary

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.

References

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://www.securitytracker.com/id?1020187

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/42828

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 4, 2008
Vulnerability Reserved
May 22, 2008