CVE-2008-2406

SUN Java Asp Server < 4.0.2 - Authentication Bypass

Title source: rule

Description

The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.

References (7)

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42833

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29539

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1020191

[Third Party Advisory] http://secunia.com/advisories/30523

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1742/references

[Third Party Advisory] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=710

Scores

EPSS 0.0096

EPSS Percentile 76.2%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

sun/java_asp_server < 4.0.2

sun/java_asp_server

Timeline

Published Jun 04, 2008

Tracked Since Feb 18, 2026