iDefense Security Advisory 06.03.08 - Remote exploitation of a file creation vulnerability in Sun Microsystems' Java System Active Server Pages allows attackers to execute arbitrary code with root privileges. The vulnerability exists within a file included by several ASP applications. This file provides a function that writes the contents of its first parameter to the file specified by its second parameter. Several ASP applications allow an attacker to control both the content and the location of the file written. iDefense has confirmed the existence of this vulnerability within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.
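A hardened counterpart to the kind of helper the advisory describes (content in the first parameter, destination file in the second), as an added example that is not Sun's code and not part of the original advisory. The Node.js setting, the function names, the base-directory argument and the extension allow-list are all assumptions made for illustration.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Assumption: only inert data files may be created, never script types.
const ALLOWED_EXT = new Set([".txt", ".log", ".csv"]);

// Resolve `requested` under `baseDir`, or throw if it would land elsewhere.
function resolveConfined(baseDir, requested) {
  if (typeof requested !== "string" || requested === "" || requested.includes("\0")) {
    throw new Error("invalid file name");
  }
  const base = fs.realpathSync(baseDir);
  const target = path.resolve(base, requested);
  const rel = path.relative(base, target);
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error("path escapes base directory");
  }
  if (!ALLOWED_EXT.has(path.extname(target).toLowerCase())) {
    throw new Error("file type not allowed");
  }
  // The parent must exist and, once symlinks are resolved, still sit inside base.
  const parent = fs.realpathSync(path.dirname(target));
  if (parent !== base && !parent.startsWith(base + path.sep)) {
    throw new Error("parent directory resolves outside base");
  }
  return path.join(parent, path.basename(target));
}

// Same parameter order as the function in the advisory: content, then file.
function writeConfined(content, requested, baseDir) {
  const target = resolveConfined(baseDir, requested);
  // "wx" = create exclusively: fails on an existing file or a symlink at target.
  fs.writeFileSync(target, content, { flag: "wx", mode: 0o640 });
  return target;
}

// Constructed request values, run against a throwaway directory.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "confined-"));
  const names = ["report.txt", "../report.txt", "/tmp/report.txt", "shell.asp", "report.txt"];
  return names.map((name) => {
    try { writeConfined("data", name, base); return [name, "written"]; }
    catch (err) { return [name, "rejected"]; }
  });
}
```

Running the web application under an unprivileged account remains necessary alongside this check, since the advisory's impact (code execution as root) depends on the privileges of the process doing the write.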