CVE-2008-5116

{"id": "CVE-2008-5116", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-11-18T00:30:00.420", "references": [{"url": "http://osvdb.org/49767", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32606", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.procheckup.com/Vulnerability_PR08-09.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/498487/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32262", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1021170", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/3128", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46554", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter."}, {"lang": "es", "value": "Una vulnerabilidad de salto de directorio en el archivo idm/includes/helpServer.jsp en Sun Java System Identity Manager versiones 6.0 hasta 6.0 SP4, y versiones 7.0 y 7.1, permite a los atacantes remotos leer archivos arbitrarios en el sistema de archivos del servidor IDM por medio de secuencias de salto de directorio en el par\u00e1metro ext."}], "lastModified": "2018-10-11T20:54:07.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13445915-DF3D-4C52-B1DC-9FC6BE0DD519"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0C2964C-7435-4999-AF16-01CD9EF5782C"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51CFF484-5A52-41DC-A003-A9319DF2AFB8"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A7E88DA-F3A8-4B0F-AD4F-8680C1FB3282"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "861DEDA3-93A1-405A-BA2F-764AE4219D89"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0980492E-B7DB-4B9F-A400-FDC47DB89A95"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A5C87C0-3734-4568-97A6-6AB8979AABE7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}