CyberSec.Space Logo
Back to CVE Browser

CVE-2008-2401

HIGH
7.5
CVSS Severity Score
EPSS Score0.0830%
EPSS Percentile35.33th
PublishedJun 4, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications.

Affected Platforms (CPE)

πŸ“¦
Sun

Java Active Server

= 4.0.2

References & Advisories

πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705
πŸ”— http://secunia.com/advisories/30523
πŸ”— http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
πŸ”— http://www.securitytracker.com/id?1020186
πŸ”— http://www.vupen.com/english/advisories/2008/1742/references
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/42832
πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705
πŸ”— http://secunia.com/advisories/30523

Related Vulnerabilities

CVE-2008-240310.0

Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4...

CVE-2008-240410.0

Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow...

CVE-2008-24067.5

The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass ...

CVE-2008-24057.5

Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharact...