Authentication Bypass Vulnerability in Sun Java Active Server Pages Server
CVE-2008-2406

Currently unrated

Key Information:

Vendor: Oracle
Status: Java Asp Server
Vendor: CVE Published:; 4 June 2008

What is CVE-2008-2406?

A vulnerability exists in the administration application server of Sun Java Active Server Pages (ASP) Server prior to version 4.0.3. This issue allows remote attackers to bypass authentication controls through direct TCP port 5102 requests, potentially granting them unauthorized access to sensitive information and functionality within the server. Failure to secure this port can lead to significant security risks, as it opens pathways for exploitation and unauthorized interaction with the server's features.

References

http://www.securityfocus.com/bid/29539

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1020191

vdb-entryx_refsource_SECTRACK

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

Timeline

Vulnerability published
Jun 4, 2008
Vulnerability Reserved
May 22, 2008

Oracle

What is CVE-2008-2406?

References

Timeline