Sun Java System ASP Server < 4.0.3 Multiple Vulnerabilities

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by several vulnerabilities.

Description :

The remote host is running Sun Java System Active Server Pages (ASP), or an
older variant such as Sun ONE ASP or Chili!Soft ASP.

The web server component of the installed version of Active Server
Pages on the remote host is affected by several vulnerabilities :

- Several of the administration server's ASP applications
fail to filter or escape user input before using it to
build commands that are then executed in a shell.
While access to these applications nominally requires
authentication, there are reportedly several methods
of bypassing authentication (CVE-2008-2405).

- An attacker can bypass administration server
authentication by connecting to the application
server directly and making requests. This issue does
not affect ASP Server on a Windows platform.

Solution :

Upgrade to Sun Java System ASP version 4.0.3 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 33440

Bugtraq ID: 29539

CVE ID: CVE-2008-2405