Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.8
CVE Id CVE-2008-4284
Last Modified 11 Feb 2009 12:00:00
Published 10 Feb 2009 05:30:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4284

Summary

Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 5.0

  • Ibm Websphere Application Server 5.0.0

  • Ibm Websphere Application Server 5.0.1

  • Ibm Websphere Application Server 5.0.2

  • Ibm Websphere Application Server 5.0.2.1

  • Ibm Websphere Application Server 5.0.2.10

  • Ibm Websphere Application Server 5.0.2.11

  • Ibm Websphere Application Server 5.0.2.12

  • Ibm Websphere Application Server 5.0.2.13

  • Ibm Websphere Application Server 5.0.2.14

  • Ibm Websphere Application Server 5.0.2.15

  • Ibm Websphere Application Server 5.0.2.16

  • Ibm Websphere Application Server 5.0.2.2

  • Ibm Websphere Application Server 5.0.2.3

  • Ibm Websphere Application Server 5.0.2.4

  • Ibm Websphere Application Server 5.0.2.5

  • Ibm Websphere Application Server 5.0.2.6

  • Ibm Websphere Application Server 5.0.2.7

  • Ibm Websphere Application Server 5.0.2.8

  • Ibm Websphere Application Server 5.0.2.9

  • Ibm Websphere Application Server 5.1.0

  • Ibm Websphere Application Server 5.1.0.2

  • Ibm Websphere Application Server 5.1.0.3

  • Ibm Websphere Application Server 5.1.0.4

  • Ibm Websphere Application Server 5.1.0.5

  • Ibm Websphere Application Server 5.1.1

  • Ibm Websphere Application Server 5.1.1.1

  • Ibm Websphere Application Server 5.1.1.10

  • Ibm Websphere Application Server 5.1.1.11

  • Ibm Websphere Application Server 5.1.1.12

  • Ibm Websphere Application Server 5.1.1.13

  • Ibm Websphere Application Server 5.1.1.14

  • Ibm Websphere Application Server 5.1.1.15

  • Ibm Websphere Application Server 5.1.1.16

  • Ibm Websphere Application Server 5.1.1.17

  • Ibm Websphere Application Server 5.1.1.18

  • Ibm Websphere Application Server 5.1.1.19

  • Ibm Websphere Application Server 6.0

  • Ibm Websphere Application Server 6.0.0.1

  • Ibm Websphere Application Server 6.0.0.2

  • Ibm Websphere Application Server 6.0.0.3

  • Ibm Websphere Application Server 6.0.1

  • Ibm Websphere Application Server 6.0.1.1

  • Ibm Websphere Application Server 6.0.1.11

  • Ibm Websphere Application Server 6.0.1.13

  • Ibm Websphere Application Server 6.0.1.15

  • Ibm Websphere Application Server 6.0.1.17

  • Ibm Websphere Application Server 6.0.1.2

  • Ibm Websphere Application Server 6.0.1.3

  • Ibm Websphere Application Server 6.0.1.5

  • Ibm Websphere Application Server 6.0.1.7

  • Ibm Websphere Application Server 6.0.1.9

  • Ibm Websphere Application Server 6.0.2

  • Ibm Websphere Application Server 6.0.2.1

  • Ibm Websphere Application Server 6.0.2.11

  • Ibm Websphere Application Server 6.0.2.13

  • Ibm Websphere Application Server 6.0.2.15

  • Ibm Websphere Application Server 6.0.2.17

  • Ibm Websphere Application Server 6.0.2.19

  • Ibm Websphere Application Server 6.0.2.2

  • Ibm Websphere Application Server 6.0.2.22

  • Ibm Websphere Application Server 6.0.2.23

  • Ibm Websphere Application Server 6.0.2.24

  • Ibm Websphere Application Server 6.0.2.25

  • Ibm Websphere Application Server 6.0.2.27

  • Ibm Websphere Application Server 6.0.2.28

  • Ibm Websphere Application Server 6.0.2.29

  • Ibm Websphere Application Server 6.0.2.3

  • Ibm Websphere Application Server 6.0.2.30

  • Ibm Websphere Application Server 6.0.2.31

  • Ibm Websphere Application Server 6.0.2.32

  • Ibm Websphere Application Server 6.0.2.4

  • Ibm Websphere Application Server 6.0.2.5

  • Ibm Websphere Application Server 6.0.2.6

  • Ibm Websphere Application Server 6.0.2.7

  • Ibm Websphere Application Server 6.0.2.9

  • Ibm Websphere Application Server 6.1

  • Ibm Websphere Application Server 6.1.0

  • Ibm Websphere Application Server 6.1.0.0

  • Ibm Websphere Application Server 6.1.0.1

  • Ibm Websphere Application Server 6.1.0.10

  • Ibm Websphere Application Server 6.1.0.11

  • Ibm Websphere Application Server 6.1.0.12

  • Ibm Websphere Application Server 6.1.0.13

  • Ibm Websphere Application Server 6.1.0.14

  • Ibm Websphere Application Server 6.1.0.15

  • Ibm Websphere Application Server 6.1.0.16

  • Ibm Websphere Application Server 6.1.0.17

  • Ibm Websphere Application Server 6.1.0.18

  • Ibm Websphere Application Server 6.1.0.19

  • Ibm Websphere Application Server 6.1.0.2

  • Ibm Websphere Application Server 6.1.0.20

  • Ibm Websphere Application Server 6.1.0.21

  • Ibm Websphere Application Server 6.1.0.22

  • Ibm Websphere Application Server 6.1.0.3

  • Ibm Websphere Application Server 6.1.0.4

  • Ibm Websphere Application Server 6.1.0.5

  • Ibm Websphere Application Server 6.1.0.6

  • Ibm Websphere Application Server 6.1.0.7

  • Ibm Websphere Application Server 6.1.0.8

  • Ibm Websphere Application Server 6.1.0.9

  • Ibm Websphere Application Server 6.1.1

  • Ibm Websphere Application Server 6.1.13

  • Ibm Websphere Application Server 6.1.14

  • Ibm Websphere Application Server 6.1.3

  • Ibm Websphere Application Server 6.1.5

  • Ibm Websphere Application Server 6.1.6

  • Ibm Websphere Application Server 6.1.7


References

AIXAPAR - PK71126

CONFIRM - http://www-1.ibm.com/support/docview.wss?uid=swg21320242

XF - websphere-logoutexitpage-disclosure(47200)

BID - 33700


Last Updated: 27 May 2016 10:48:26