Sun Java System Identity Manager /idm/help/index.jsp' 多个输入验证漏洞'

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1114259 漏洞类型 跨站脚本
发布时间 2008-01-09 更新时间 2008-09-05
CVE编号 CVE-2008-0240 CNNVD-ID CNNVD-200801-172
漏洞平台 JSP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/31006
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200801-172
|漏洞详情
SunJavaSystemCommunicationsExpress为SunJava通讯套件提供了WEB客户端,允许通过浏览器管理邮件、日历、任务等。SunJavaSystemIdentityManager6.0SP1到SP3,7.0以及7.1中的/idm/help/index.jsp允许远程攻击者借助helpUrl参数从任意网站中注入frames和执行网络仿冒攻击。
|漏洞EXP
source: http://www.securityfocus.com/bid/27214/info
  
Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input.
  
Attackers can exploit these issues to execute arbitrary HTML and script code in the context of the affected site. Successful exploits could allow an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
  
Sun Java System Identity Manager 6.0 SP1, 6.0 SP2, 6.0 SP3, 7.0, and 7.1 are vulnerable. 

https://www.example.com/idm/help/index.jsp?helpUrl=http://www.example2.com
|参考资料

来源:MISC
链接:http://www.procheckup.com/Vulnerability_PR07-10.php
来源:XF
名称:sun-identity-index-frame-injection(39586)
链接:http://xforce.iss.net/xforce/xfdb/39586
来源:BID
名称:27214
链接:http://www.securityfocus.com/bid/27214
来源:BUGTRAQ
名称:20080110PR07-06,PR07-07,PR07-08,PR07-09,PR07-10,PR07-12:SeveralXSS,Cross-domainRedirectionandFrameInjectiononSunJavaSystemIdentityManager
链接:http://www.securityfocus.com/archive/1/archive/1/486076/100/0/threaded
来源:VUPEN
名称:ADV-2008-0089
链接:http://www.frsirt.com/english/advisories/2008/0089
来源:SUNALERT
名称:103180
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1
来源:SECUNIA
名称:28356
链接:http://secunia.com/advisories/28356
来源:SUNALERT
名称:200558
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1
来源:SREASON
名称:3535
链接:http://securityreason.com/securityalert/3535