Sun Java System ASP < 4.0.3 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 4533

Synopsis

The remote web server is affected by several vulnerabilities.

Description

The remote host is running Sun Java System Active Server Pages (ASP), or an older variant such as Sun ONE ASP or Chili!Soft ASP. The web server component of the installed version of Active Server Pages on the remote host is affected by several vulnerabilities:

- A flaw in an include file used by several of the administration server's ASP applications allows an attacker to write arbitrary data to a file specified by an attacker on the affected host. This issue does not affect ASP Server on a Windows platform (CVE-2008-2401).
- Password and configuration data are stored in the administration server's web root and can be retrieved without credentials. This issue does not affect ASP Server on a Windows platform (CVE-2008-2402).
- Multiple directory traversal vulnerabilities in several of the administration server's ASP applications can be abused to read or even delete arbitrary files on the affected host. This issue does not affect ASP Server on a Windows platform (CVE-2008-2403).
- A stack buffer overflow allows code execution in the context of the ASP server (by default root) and can be exploited without authentication (CVE-2008-2404).
- Several of the administration server's ASP applications fail to filter or escape user input before using it to generate commands that are then executed in a shell. While access to these applications nominally requires authentication, there are reportedly several methods of bypassing authentication (CVE-2008-2405).

Solution

Upgrade to Sun Java System ASP version 4.0.3 or later.

See Also

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=707

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=708

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709

http://archives.neohapsis.com/archives/bugtraq/2008-06/0029.html

http://archives.neohapsis.com/archives/bugtraq/2008-06/0030.html

http://archives.neohapsis.com/archives/bugtraq/2008-06/0032.html

http://archives.neohapsis.com/archives/bugtraq/2008-06/0034.html

http://archives.neohapsis.com/archives/bugtraq/2008-06/0036.html

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705

Plugin Details

Severity: Critical

ID: 4533

Family: Web Servers

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 33439

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:sun:java_active_server_pages

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-2401, CVE-2008-2402, CVE-2008-2403, CVE-2008-2404, CVE-2008-2405, CVE-2008-2406

BID: 29537, 29538, 29539, 29540, 29542, 29550