CVE-2008-2403 Information

Description

Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=707 http://secunia.com/advisories/30523 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1 http://www.securityfocus.com/bid/29538 http://www.securitytracker.com/id?1020188 http://www.vupen.com/english/advisories/2008/1742/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42831