Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0240

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0240
Last Modified 07 Mar 2011 10:04:11
Published 11 Jan 2008 05:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0240

Summary

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."

Vulnerable Systems

Application

  • Sun Java System Identity Manager 6.0

  • Sun Java System Identity Manager 7.0

  • Sun Java System Identity Manager 7.1


References

MISC - http://www.procheckup.com/Vulnerability_PR07-10.php

XF - sun-identity-index-frame-injection(39586)

VUPEN - ADV-2008-0089

BID - 27214

BUGTRAQ - 20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager

SUNALERT - 103180

SECUNIA - 28356

SUNALERT - 200558

SREASON - 3535


Last Updated: 27 May 2016 10:46:43