Vulnerability Details CVE-2008-2405
Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
- http://secunia.com/advisories/30523
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
- http://www.securitytracker.com/id?1020190
- http://www.vupen.com/english/advisories/2008/1742/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42829
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
- http://secunia.com/advisories/30523
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
- http://www.securitytracker.com/id?1020190
- http://www.vupen.com/english/advisories/2008/1742/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42829
Products affected by CVE-2008-2405
-
cpe:2.3:a:sun:java_active_server_pages:*
-
cpe:2.3:a:sun:java_active_server_pages:4.0.0
-
cpe:2.3:a:sun:java_active_server_pages:4.0.1