CVE-2008-5115

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/49766
http://secunia.com/advisories/32606	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1	Patch Vendor Advisory
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11
http://www.securityfocus.com/archive/1/498479/100/0/threaded
http://www.securityfocus.com/bid/32262
http://www.securitytracker.com/id?1021170
http://www.vupen.com/english/advisories/2008/3128
https://exchange.xforce.ibmcloud.com/vulnerabilities/46553

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sun:java_system_identity_manager:6.0:::::::*
	cpe:2.3:a:sun:java_system_identity_manager:6.0:sp1::::::
	cpe:2.3:a:sun:java_system_identity_manager:6.0:sp2::::::
	cpe:2.3:a:sun:java_system_identity_manager:6.0:sp3::::::
	cpe:2.3:a:sun:java_system_identity_manager:6.0:sp4::::::
	cpe:2.3:a:sun:java_system_identity_manager:7.0:::::::*
	cpe:2.3:a:sun:java_system_identity_manager:7.1:::::::*

History

No history.

Information

Published : 2008-11-18 00:30

Updated : 2024-02-04 17:33

NVD link : CVE-2008-5115

Mitre link : CVE-2008-5115

CVE.ORG link : CVE-2008-5115

JSON object : View

Products Affected

sun

java_system_identity_manager

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2008-5115", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": true}]}, "published": "2008-11-18T00:30:00.360", "references": [{"url": "http://osvdb.org/49766", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32606", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/498479/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32262", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1021170", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/3128", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46553", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Sun Java System Identity Manager en versiones 6.0 hasta 6.0 SP4 , versiones 7.0 y 7.1, permite a los atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que actualizan la contrase\u00f1a por medio del archivo idm/admin/changeself.jsp."}], "lastModified": "2018-10-11T20:54:06.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13445915-DF3D-4C52-B1DC-9FC6BE0DD519"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0C2964C-7435-4999-AF16-01CD9EF5782C"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51CFF484-5A52-41DC-A003-A9319DF2AFB8"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A7E88DA-F3A8-4B0F-AD4F-8680C1FB3282"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "861DEDA3-93A1-405A-BA2F-764AE4219D89"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0980492E-B7DB-4B9F-A400-FDC47DB89A95"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A5C87C0-3734-4568-97A6-6AB8979AABE7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}