Sun Java System ASP < 4.0.3 Multiple Vulnerabilities

critical Nessus Plugin ID 33439

Synopsis

The remote web server is affected by several vulnerabilities.

Description

The remote host is running Sun Java System Active Server Pages (ASP), or an older variant such as Sun ONE ASP or Chili!Soft ASP.

The web server component of the installed version of Active Server Pages on the remote host is affected by several vulnerabilities:

- A flaw in an include file used by several of the administration server's ASP applications allows an attacker to write arbitrary data to a file of the attacker's choosing on the affected host. This issue does not affect ASP Server on a Windows platform (CVE-2008-2401).

- Password and configuration data are stored in the administration server's web root and can be retrieved without credentials. This issue does not affect ASP Server on a Windows platform (CVE-2008-2402).

- Multiple directory traversal vulnerabilities exist in several of the administration server's ASP applications and can be abused to read or even delete arbitrary files on the affected host. This issue does not affect ASP Server on a Windows platform (CVE-2008-2403).

- A stack-based buffer overflow allows code execution in the context of the ASP server (by default root) and can be exploited without authentication (CVE-2008-2404).

- Several of the administration server's ASP applications fail to filter or escape user input before using it to build commands that are then executed in a shell. While access to these applications nominally requires authentication, there are reportedly several methods of bypassing authentication (CVE-2008-2405).

Solution

Upgrade to Sun Java System ASP version 4.0.3 or later.

See Also

https://seclists.org/bugtraq/2008/Jun/32

https://seclists.org/bugtraq/2008/Jun/34

https://download.oracle.com/sunalerts/1019285.1.html

http://www.nessus.org/u?b0af4b83

http://www.nessus.org/u?e8788b4c

http://www.nessus.org/u?a1d5bc95

http://www.nessus.org/u?cee12fc8

http://www.nessus.org/u?d90b8781

https://seclists.org/bugtraq/2008/Jun/27

https://seclists.org/bugtraq/2008/Jun/28

https://seclists.org/bugtraq/2008/Jun/30

Plugin Details

Severity: Critical

ID: 33439

File Name: sun_asp_403.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 7/8/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 6/3/2008

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-2401, CVE-2008-2402, CVE-2008-2403, CVE-2008-2404, CVE-2008-2405

BID: 29537, 29538, 29540, 29542, 29550

CWE: 119, 20, 22, 264

IAVA: 2008-A-0038-S

SECUNIA: 30523