Vulnerability CVE-2008-5118 - CERT Civis.Net

Vulnerability Name:

CVE-2008-5118 (CCN-46555)

Assigned:

2008-11-11

Published:

2008-11-11

Updated:

2017-08-08

Summary:

Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-5118

Source: OSVDB
Type: UNKNOWN
49769

Source: CCN
Type: SA32606
Sun Java System Identity Manager Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
32606

Source: CCN
Type: SECTRACK ID: 1021170
Sun Java System Identity Manager Bugs Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks and Disclose Files to Remote Users

Source: SUNALERT
Type: UNKNOWN
243386

Source: CCN
Type: Sun Alert ID: 243386
Multiple Security Vulnerabilities in Sun Java System Identity Manager

Source: CCN
Type: ASA-2008-453
Multiple Security Vulnerabilities in Sun Java System Identity Manager (Sun 243386)

Source: CCN
Type: OSVDB ID: 49769
Sun Java System Identity Manager Unspecified Arbitrary Frame Injection

Source: BID
Type: UNKNOWN
32262

Source: CCN
Type: BID-32262
Sun Java System Identity Manager Multiple Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1021170

Source: CCN
Type: Sun Web site
Sun Identity Manager

Source: VUPEN
Type: UNKNOWN
ADV-2008-3128

Source: XF
Type: UNKNOWN
sun-jsim-frames-xss(46555)

Source: XF
Type: UNKNOWN
sun-jsim-frames-xss(46555)

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:java_system_identity_manager:6.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp4:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:java_system_identity_manager:6.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp4:*:*:*:*:*:*

Denotes that component is vulnerable