Vulnerability Name: CVE-2008-5550 (CCN-47257)
Assigned: 2008-12-02
Published: 2008-12-02
Updated: 2018-10-30
Summary: Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
  3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Other
References:
  Source: MITRE Type: CNA CVE-2008-5550
  Source: CONFIRM Type: Patch http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1
  Source: CONFIRM Type: Patch http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1
  Source: CONFIRM Type: Patch http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1
  Source: SUNALERT Type: Vendor Advisory 243786
  Source: CCN Type: Sun Alert ID: 243786 Security Vulnerability in the Sun Java Web Console May Allow Unauthorized Redirection
  Source: CCN Type: NORTEL BULLETIN ID: 2009009293, Rev 1 Nortel: Technical Support: Nortel Response to Sun Alert 243786 - Security Vulnerability in the Sun Java Web Console May Allow Unauthorized Redirection
  Source: CCN Type: OSVDB ID: 50971 Sun Java Web Console console/faces/jsp/login/BeginLogin.jsp redirect_url Parameter Arbitrary Site Redirect
  Source: BID Type: Patch 32771
  Source: CCN Type: BID-32771 Sun Java Web Console Unspecified URI Redirection Vulnerability
  Source: XF Type: UNKNOWN sun-javawebconsole-beginlogin-phishing(47257)
  Source: XF Type: UNKNOWN sun-javawebconsole-unspecified-phishing(47257)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable