Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0239

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0239
Last Modified 07 Mar 2011 10:04:11
Published 11 Jan 2008 05:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0239

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.

Vulnerable Systems

Application

  • Sun Java System Identity Manager 6.0

  • Sun Java System Identity Manager 7.0

  • Sun Java System Identity Manager 7.1


References

BUGTRAQ - 20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager

MISC - http://www.procheckup.com/Vulnerability_PR07-08.php

MISC - http://www.procheckup.com/Vulnerability_PR07-07.php

MISC - http://www.procheckup.com/Vulnerability_PR07-06.php

XF - sun-identity-main-xss(39583)

XF - sun-identity-resultsform-xss(39582)

XF - sun-identity-lang-xss(39581)

XF - sun-identity-login-xss(39580)

VUPEN - ADV-2008-0089

BID - 27214

MISC - http://www.procheckup.com/Vulnerability_PR07-09.php

SUNALERT - 103180

SECUNIA - 28356

SECTRACK - 1019175

SUNALERT - 200558

SREASON - 3535


Last Updated: 27 May 2016 10:46:43