CVE-2008-2403

Currently unrated

Key Information:

Vendor: Oracle
Status: Java Asp Server
Vendor: CVE Published:; 4 June 2008

Summary

Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method.

References

http://www.securityfocus.com/bid/29538

vdb-entryx_refsource_BID

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://www.securitytracker.com/id?1020188

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jun 4, 2008
Vulnerability Reserved
May 22, 2008