Vulnerability Details CVE-2008-2405
Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
- http://secunia.com/advisories/30523
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
- http://www.securitytracker.com/id?1020190
- http://www.vupen.com/english/advisories/2008/1742/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42829
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
- http://secunia.com/advisories/30523
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
- http://www.securitytracker.com/id?1020190
- http://www.vupen.com/english/advisories/2008/1742/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42829
Products affected by CVE-2008-2405
-
cpe:2.3:a:sun:java_active_server_pages:*
-
cpe:2.3:a:sun:java_active_server_pages:4.0.0
-
cpe:2.3:a:sun:java_active_server_pages:4.0.1