OSVDB ID: 46019

Title: Sun Java Active Server Pages (ASP) Server Unspecified Applications Arbitrary Command Execution

Info

Disclosure

Jun 03, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jun 03, 2008

Description

Classification

Location: Remote / Network Access
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Upgrade to version 4.0.3 or higher, as it has been reported to fix this vulnerability. It is also possible to temporarily work around the flaw by implementing the following workaround: Removing the affected ASP applications from the system can prevent exploitation of these vulnerabilities. Additionally, using firewalls to limit access to the administration server (TCP port 5100) and the ASP application server (TCP port 5102) can help mitigate these issues.

Products

Unknown or Incomplete

References

Security Tracker: 1020190
CVE ID: 2008-2405 (see also: NVD)
Secunia Advisory ID: 30523
ISS X-Force ID: 42829
Related OSVDB ID: 46015 46016 46017 46018 46020
VUPEN Advisory: ADV-2008-1742
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-06/0032.html
Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
Vendor Specific Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
Vendor Specific Solution URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_SMI-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=SJASP-4.0.3-OTH-G-TP@CDS-CDS_SMI

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/46019