This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.
The remote web server is affected by several vulnerabilities.
The remote host is running Sun Java System Active Server Pages (ASP), or an
older variant such as Sun ONE ASP or Chili!Soft ASP.
The web server component of the installed version of Active Server
Pages on the remote host is affected by several vulnerabilities :
- Several of the administration server's ASP applications
fail to filter or escape user input before using it to
generate commands before executing them in a shell.
While access to these applications nominally requires
authentication, there are reportedly several methods
of bypassing authentication (CVE-2008-2405).
- An attacker can bypass administration server
authentication by connection to the application
server directly and making requests. This issue does
not affect ASP Server on a Windows platform
See also :
Upgrade to Sun Java System ASP version 4.0.3 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 33440 ()
Bugtraq ID: 2953929550
CVE ID: CVE-2008-2405CVE-2008-2406
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.