CVE-2008-2405

Published: Jun 4, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.

Affected (3)

Products: Sun: Java Active Server Pages

Sun

1 product

Java Active Server Pages

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Sun Java Active Server Pages	Up to 4.0.2
Sun Java Active Server Pages	Version 4.0.0
Sun Java Active Server Pages	Version 4.0.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709

Source: cve@mitre.org

http://secunia.com/advisories/30523

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1

Source: cve@mitre.org

http://www.securitytracker.com/id?1020190

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1742/references

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/42829

Source: cve@mitre.org

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709