Executive Summary



This alert is flagged as a Top 25 Common Weakness Enumeration entry from CWE/SANS.
Summary
Title: Sun Alert 238184 Multiple Security Vulnerabilities in Sun Java ASP Server may lead to execution of Arbitrary Code or Unauthorized Access to Data
Information
Name: SUN-238184
First vendor Publication: 2008-06-03
Vendor: Sun
Last vendor Modification: 2008-06-09
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 10
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Product: Sun Java ASP Server 4.0.2
State: Resolved
First released: 03-Jun-2008

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_238184_multiple_security

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-20 Improper Input Validation
17 % CWE-287 Improper Authentication
17 % CWE-264 Permissions, Privileges, and Access Controls
17 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
17 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 3
Application 3

Open Source Vulnerability Database (OSVDB)

Id Description
46020 Sun Java Active Server Pages (ASP) Server Administration Application Authenti...

46019 Sun Java Active Server Pages (ASP) Server Unspecified Applications Arbitrary ...

46018 Sun Java Active Server Pages (ASP) Server Request Handling Implementation Rem...

46017 Sun Java Active Server Pages (ASP) Server Unspecified Application MapPath Par...

46016 Sun Java Active Server Pages (ASP) Server Admin Server Direct Request Informa...

46015 Sun Java Active Server Pages (ASP) Server Admin Server Unspecified Applicatio...

Information Assurance Vulnerability Management (IAVM)

Date Description
2008-06-12 IAVM : 2008-A-0038 - Multiple Security Vulnerabilities in Sun Java ASP
Severity : Category I - VMSKEY : V0016039

Nessus® Vulnerability Scanner

Date Description
2008-07-08 Name : The remote web server is affected by several vulnerabilities.
File : sun_asp_403.nasl - Type : ACT_ATTACK
2008-07-08 Name : The remote web server is affected by several vulnerabilities.
File : sun_asp_cmd_injection.nasl - Type : ACT_ATTACK