Open Redirect Vulnerability in Sun Java System Identity Manager
CVE-2008-0241

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Identity Manager
Vendor: CVE Published:; 11 January 2008

What is CVE-2008-0241?

An open redirect vulnerability exists in the login.jsp file of Sun Java System Identity Manager versions 6.0 SP1 through SP3, 7.0, and 7.1. This flaw allows attackers to manipulate the 'nextPage' parameter to redirect unsuspecting users to malicious websites. As a result, the vulnerability poses a substantial risk for phishing attacks, where attackers can use deceptive URLs to mislead users into providing sensitive information. Secure your systems by applying the latest patches and reviewing your security configurations.

References

http://www.securityfocus.com/archive/1/486076/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://www.vupen.com/english/advisories/2008/0089

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2008
Vulnerability Reserved
Jan 11, 2008

Oracle

What is CVE-2008-0241?

References

Timeline