Back to CVE Browser

CVE-2008-2403

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0070%

EPSS Percentile28.16th

PublishedJun 4, 2008

Last ModifiedApr 23, 2026

Vulnerability Description

Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method.

Affected Platforms (CPE)

📦

Sun

Java Asp Server

<= 4.0.2

📦

Sun

Java Asp Server

= 4.0

📦

Sun

Java Asp Server

= 4.0.1

References & Advisories

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=707

🔗 http://secunia.com/advisories/30523

🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1

🔗 http://www.securityfocus.com/bid/29538

🔗 http://www.securitytracker.com/id?1020188

🔗 http://www.vupen.com/english/advisories/2008/1742/references

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/42831

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=707

Related Vulnerabilities

CVE-2008-240410.0

Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow...

CVE-2008-24017.5

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or e...

CVE-2008-24057.5

Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharact...

CVE-2008-24067.5

The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass ...

CVE-2008-2403 Detail & Impact Analysis | CVSS 10.0 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space