Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Sun Java System Active Server Pages
Опубликовано:5 июня 2008 г.
Источник:
SecurityVulns ID:9051
Тип:удаленная
Уровень опасности:
8/10
Описание:Утечка информации, внедрение команд, обратный путь в каталогах, переполнения буфера, обход аутентификации.
Затронутые продукты:SUN : Java System Active Server Pages 4.0
CVE:CVE-2008-2406 (The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.)
 CVE-2008-2405 (Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.)
 CVE-2008-2404 (Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field.)
 CVE-2008-2403 (Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method.)
 CVE-2008-2402 (The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.)
 CVE-2008-2401 (The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications.)
Оригинальный текстdocumentIDEFENSE, iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages File Creation Vulnerability (05.06.2008)
 documentIDEFENSE, iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Buffer Overflow Vulnerability (05.06.2008)
 documentIDEFENSE, iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Authorization Bypass Vulnerability (05.06.2008)
 documentIDEFENSE, iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Multiple Directory Traversal Vulnerabilities (05.06.2008)
 documentIDEFENSE, iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Multiple Command Injection Vulnerabilities (05.06.2008)
 documentIDEFENSE, iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Information Disclosure Vulnerability (05.06.2008)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород