Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5116

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2008-5116
Last Modified 07 Mar 2011 12:00:00
Published 17 Nov 2008 07:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5116

Summary

Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter.

Vulnerable Systems

Application

  • Sun Java System Identity Manager 6.0

  • Sun Java System Identity Manager 7.0

  • Sun Java System Identity Manager 7.1


References

SUNALERT - 243386

XF - sun-jsim-unspecified-security-bypass(46554)

VUPEN - ADV-2008-3128

SECTRACK - 1021170

BID - 32262

BUGTRAQ - 20081119 PR08-09: Unauthenticated File Retrieval on Sun Java System Identity Manager

MISC - http://www.procheckup.com/Vulnerability_PR08-09.php

SECUNIA - 32606

OSVDB - 49767

BUGTRAQ - 20081119 PR08-09: Unauthenticated File Retrieval on Sun Java System Identity Manager "ext" parameter


Last Updated: 27 May 2016 10:49:57