Vulnerability CVE-2008-5117 - CERT Civis.Net

Vulnerability Name:

CVE-2008-5117 (CCN-46556)

Assigned:

2008-11-11

Published:

2008-11-11

Updated:

2017-08-08

Summary:

Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2008-5117

Source: OSVDB
Type: UNKNOWN
49768

Source: CCN
Type: SA32606
Sun Java System Identity Manager Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
32606

Source: CCN
Type: SECTRACK ID: 1021170
Sun Java System Identity Manager Bugs Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks and Disclose Files to Remote Users

Source: SUNALERT
Type: Patch, Vendor Advisory
243386

Source: CCN
Type: Sun Alert ID: 243386
Multiple Security Vulnerabilities in Sun Java System Identity Manager

Source: CCN
Type: ASA-2008-453
Multiple Security Vulnerabilities in Sun Java System Identity Manager (Sun 243386)

Source: CCN
Type: OSVDB ID: 49768
Sun Java System Identity Manager Unspecified Arbitrary Site Redirection

Source: CCN
Type: BID-32232
GnuTLS X.509 Certificate Chain Security Bypass Vulnerability

Source: BID
Type: UNKNOWN
32262

Source: CCN
Type: BID-32262
Sun Java System Identity Manager Multiple Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1021170

Source: CCN
Type: Sun Web site
Sun Identity Manager

Source: VUPEN
Type: UNKNOWN
ADV-2008-3128

Source: XF
Type: UNKNOWN
sun-jsim-unspecified-redirect(46556)

Source: XF
Type: UNKNOWN
sun-jsim-unspecified-redirect(46556)

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:java_system_identity_manager:6.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp4:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:java_system_identity_manager:6.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp4:*:*:*:*:*:*

Denotes that component is vulnerable