Описание
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.2 (включая)
Одно из
cpe:2.3:a:sun:java_asp_server:*:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_asp_server:4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.0039
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.
EPSS
Процентиль: 60%
0.0039
Низкий
5 Medium
CVSS2
Дефекты
CWE-264