Vulnonym.org

CVE-2008-2403 - Histopathological Altimeter

Description

Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=707 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1 http://www.securitytracker.com/id?1020188 http://www.securityfocus.com/bid/29538 http://secunia.com/advisories/30523 http://www.vupen.com/english/advisories/2008/1742/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42831