CVE-2008-5115

Currently unrated

Key Information:

Vendor
Oracle
Status
Java System Identity Manager
Vendor
CVE Published:
18 November 2008

Summary

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...
vendor-advisoryx_refsource_SUNALERT
http://secunia.com/advisories/32606
third-party-advisoryx_refsource_SECUNIA
http://www.procheckup.com/vulnerability_manager/vulnerabi...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.