Sun Java System ASP Server < 4.0.3 Multiple Vulnerabilities
Critical Nessus Plugin ID 33440
Synopsis
The remote web server is affected by several vulnerabilities.
Description
The remote host is running Sun Java System Active Server Pages (ASP), or an older variant such as Sun ONE ASP or Chili!Soft ASP.
The web server component of the installed version of Active Server Pages on the remote host is affected by several vulnerabilities:
- Several of the administration server's ASP applications fail to filter or escape user input before using it to build commands that are then executed in a shell.
While access to these applications nominally requires authentication, there are reportedly several methods of bypassing authentication (CVE-2008-2405).
- An attacker can bypass administration server authentication by connecting to the application server directly and making requests. This issue does not affect ASP Server on a Windows platform (CVE-2008-2406).
Solution
Upgrade to Sun Java System ASP version 4.0.3 or later.