CVE-2008-0240

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Identity Manager
Vendor: CVE Published:; 11 January 2008

Summary

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."

References

http://www.securityfocus.com/archive/1/486076/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://www.vupen.com/english/advisories/2008/0089

vdb-entryx_refsource_VUPEN

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 11, 2008
Vulnerability Reserved
Jan 11, 2008