CVE-2008-2406

Опубликовано: 04 июн. 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.

Ссылки

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=710
http://secunia.com/advisories/30523
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
http://www.securityfocus.com/bid/29539
http://www.securitytracker.com/id?1020191
http://www.vupen.com/english/advisories/2008/1742/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42833
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=710
http://secunia.com/advisories/30523
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
http://www.securityfocus.com/bid/29539
http://www.securitytracker.com/id?1020191
http://www.vupen.com/english/advisories/2008/1742/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42833

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sun:java_asp_server:*:*:*:*:*:*:*:*

Версия до 4.0.2 (включая)

cpe:2.3:a:sun:java_asp_server:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00958

Низкий

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-4jgq-fhgh-wpfp

github

почти 4 года назад