Directory Traversal Vulnerabilities in Sun Java Active Server Pages
CVE-2008-2403

Currently unrated

Key Information:

Vendor: Oracle
Status: Java Asp Server
Vendor: CVE Published:; 4 June 2008

What is CVE-2008-2403?

Multiple directory traversal vulnerabilities in Sun Java Active Server Pages allow remote attackers to navigate the filesystem and access or delete arbitrary files. By manipulating the Path parameter using a sequence of dots (..) in the MapPath method, attackers can exploit these vulnerabilities, potentially leading to severe security breaches and unauthorized data exposure. Proper validation and sanitation of user input are essential to mitigate these risks.

References

http://www.securityfocus.com/bid/29538

vdb-entryx_refsource_BID

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://www.securitytracker.com/id?1020188

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jun 4, 2008
Vulnerability Reserved
May 22, 2008

Oracle

What is CVE-2008-2403?

References

Timeline