CVE-2008-2402 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-2402 Interim 1 3 2021-06-09T08:45:10Z current 2021-05-30T12:42:50Z 2021-06-09T08:45:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-2402 The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents. CVE-2008-2402 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N