Vulnerability CVE-2008-2404

Vulnerability Name:

CVE-2008-2404 (CCN-42830)

Assigned:

2008-06-03

Published:

2008-06-03

Updated:

2017-08-08

Summary:

Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-2404

Source: IDEFENSE
Type: UNKNOWN
20080603 Sun Java System Active Server Pages Buffer Overflow Vulnerability

Source: CCN
Type: SA30523
Sun Java System Active Server Pages Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30523

Source: CCN
Type: SECTRACK ID: 1020189
Sun Java ASP Server Stack Overflow Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: Sun Alert ID: 238184
Multiple Security Vulnerabilities in Sun Java ASP Server may lead to execution of Arbitrary Code or Unauthorized Access to Data

Source: SUNALERT
Type: Patch
238184

Source: CCN
Type: ASA-2008-243
Multiple Security Vulnerabilities in Sun Java ASP Server may lead to execution of Arbitrary Code or Unauthorized Access to Data (Sun 238184)

Source: CCN
Type: OSVDB ID: 46018
Sun Java Active Server Pages (ASP) Server Request Handling Implementation Remote Overflow

Source: SECTRACK
Type: UNKNOWN
1020189

Source: VUPEN
Type: UNKNOWN
ADV-2008-1742

Source: XF
Type: UNKNOWN
sunjavasystem-asp-server-bo(42830)

Source: XF
Type: UNKNOWN
sunjavasystem-asp-server-bo(42830)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 06.03.08
Sun Java System Active Server Pages Buffer Overflow Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:java_asp_server:4.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_asp_server:*:*:*:*:*:*:*:* (Version <= 4.0.2)

Configuration CCN 1:

cpe:/a:sun:java_asp_server:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:sun:java_asp_server:4.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_asp_server:4.0.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK