Summary
Detail | | | |
---|---|---|---|
Vendor | Sun | First view | 2008-11-17 |
Product | Java System Identity Manager | Last view | 2008-11-17 |
Version | 6.0 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:sun:java_system_identity_manager | | |
Related : CVE
 | Date | Alert | Description |
---|---|---|---|
4.3 | 2008-11-17 | CVE-2008-5118 | Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection." |
6.4 | 2008-11-17 | CVE-2008-5117 | Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
7.8 | 2008-11-17 | CVE-2008-5116 | Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter. |
6.8 | 2008-11-17 | CVE-2008-5115 | Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp. |
4.3 | 2008-11-17 | CVE-2008-5114 | Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
25% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
25% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
25% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
25% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
49769 | Sun Java System Identity Manager Unspecified Arbitrary Frame Injection |
49768 | Sun Java System Identity Manager Unspecified Arbitrary Site Redirection |
49767 | Sun Java System Identity Manager /idm/includes/helpServer.jsp ext parameter A... |
49766 | Sun Java System Identity Manager Admin /idm/admin/changeself.jsp Update Passw... |
49765 | Sun Java System Identity Manager Unspecified XSS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-05-06 | Name: The remote web server contains an application that allows arbitrary file retr... File: sun_idm_ext_file_retrieval.nasl - Type: ACT_ATTACK |