The Admin Server in Sun Java Active Server Pages (ASP) Server prior to 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to read password hashes and configuration data via direct requests for unspecified documents.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun java asp server 4.0 |
||
sun java asp server |