CVE-2008-2402

Name of the Vulnerable Software and Affected Versions: Sun Java Active Server Pages (ASP) Server versions prior to 4.0.3

Description: The issue allows remote attackers to read sensitive information, including password hashes and configuration data, due to insufficient access control. This is possible because the Admin Server stores this information under the web root, making it accessible via direct requests for certain documents.

Recommendations: For versions prior to 4.0.3, update to version 4.0.3 or later to resolve the issue.