|
Sun Java System Active Server Pages Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA30523
|
|
|
Release Date:
|
2008-06-04
|
|
Popularity:
|
4,534 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Manipulation of data
Exposure of system information
Exposure of sensitive information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Sun Java System Active Server Pages 4.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Some vulnerabilities and a security issue have been reported in Sun Java System Active Server Pages, which can be exploited by malicious users to compromise a vulnerable system, and by malicious people to disclose sensitive information, manipulate certain data, bypass certain security restrictions, or to compromise a vulnerable system.
1) Input passed to an unspecified file included by various ASP applications is not properly verified before being used within a function to create files. This can be exploited to create or append to arbitrary files on the system.
2) A security issue is caused due to password and configuration data being stored within the application server root directory. This can be exploited to disclose sensitive information, e.g. configuration data or password hashes.
3) An input validation error exists within unspecified ASP applications, which can be exploited to disclose the content of arbitrary files or delete arbitrary files via specially crafted HTTP requests containing directory traversal sequences.
Successful exploitation of vulnerabilities #1 to #3 requires network access to the administration server (port 5100/TCP).
4) A boundary error exists in the handling of request within the ASP server, which can be exploited to cause a stack-based buffer overflow via a specially crafted request.
Successful exploitation allows execution of arbitrary code.
5) Various input to unspecified ASP applications is not properly sanitised before being used to execute shell commands. This can be exploited to inject and execute arbitrary shell commands via specially crafted HTTP requests containing shell meta-characters.
Successful exploitation requires authenticated access to the administration server (but see #6).
6) A design error can be exploited to bypass the authentication of the administration HTTP server by sending specially crafted requests to port 5102/TCP.
The vulnerabilities are reported in version 4.0.2. Other versions may also be affected.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
