CVE-2008-2401

Published: Jun 4, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications.

Affected (1)

Products: Sun: Java Active Server

Sun

1 product

Java Active Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sun Java Active Server	Version 4.0.2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705

Source: cve@mitre.org

http://secunia.com/advisories/30523

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1

Source: cve@mitre.org

http://www.securitytracker.com/id?1020186

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1742/references

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/42832

Source: cve@mitre.org

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705