Sun Java System ASP < 4.0.3 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 4533

Synopsis

The remote web server is affected by several vulnerabilities.

Description

The remote host is running Sun Java System Active Server Pages (ASP), or an older variant such as Sun ONE ASP or Chili!Soft ASP. The web server component of the installed version of Active Server Pages on the remote host is affected by several vulnerabilities:

- A flaw in an include file used by several of the administration server's ASP applications allows an attacker to write arbitrary data to an attacker-specified file on the affected host. This issue does not affect ASP Server on a Windows platform (CVE-2008-2401).
- Password and configuration data are stored in the administration server's web root and can be retrieved without credentials. This issue does not affect ASP Server on a Windows platform (CVE-2008-2402).
- Multiple directory traversal vulnerabilities in several of the administration server's ASP applications can be abused to read or even delete arbitrary files on the affected host. This issue does not affect ASP Server on a Windows platform (CVE-2008-2403).
- A stack buffer overflow allows code execution in the context of the ASP server (by default root) and can be exploited without authentication (CVE-2008-2404).
- Several of the administration server's ASP applications fail to filter or escape user input before using it to generate commands that are then executed in a shell. While access to these applications nominally requires authentication, there are reportedly several methods of bypassing authentication (CVE-2008-2405).

Solution

Upgrade to Sun Java System ASP version 4.0.3 or later.

See Also

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=707

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=708

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709

http://archives.neohapsis.com/archives/bugtraq/2008-06/0029.html

http://archives.neohapsis.com/archives/bugtraq/2008-06/0030.html

http://archives.neohapsis.com/archives/bugtraq/2008-06/0032.html

http://archives.neohapsis.com/archives/bugtraq/2008-06/0034.html

http://archives.neohapsis.com/archives/bugtraq/2008-06/0036.html

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705

Plugin Details

Severity: Critical

ID: 4533

File Name: 4533.prm

Family: Web Servers

Published: 2004/08/18

Modified: 2017/02/02

Dependencies: 4532

Nessus ID: 33439

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-2404, CVE-2008-2403, CVE-2008-2406, CVE-2008-2402, CVE-2008-2401, CVE-2008-2405

BID: 29537, 29538, 29539, 29540, 29542, 29550

IAVA: 2008-A-0038