漏洞信息详情
Sun Java System Identity Manager '/idm/user/login.jsp' 多个输入验证漏洞
- CNNVD编号:CNNVD-200801-160
- 危害等级: 中危
- CVE编号: CVE-2008-0241
- 漏洞类型: 输入验证
- 发布时间: 2008-01-11
- 威胁类型: 远程
- 更新时间: 2009-02-04
- 厂 商: sun
- 漏洞来源: Jan Fry and Adrian...
漏洞简介
Sun Java System Communications Express为Sun Java通讯套件提供了WEB客户端,允许通过浏览器管理邮件、日历、任务等 Sun Java System Identity Manager 6.0 SP1到SP3,7.0以及7.1版本下的/idm/user/login.jsp中的开放重定向漏洞允许远程攻击者借助下一页参数中的一个URL引导用户进入任意网站和进行网络仿冒攻击。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: Sun Java System Identity Manager 6.0 Sun 136848-02 http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -136848-02-1 Sun Java System Identity Manager 6.0 SP3 Sun 136851-02 http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -136851-02-1 Sun Java System Identity Manager 7.1 Sun 136853-02 http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -136853-02-1 Sun Java System Identity Manager 7.0 Sun 136852-02 http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -136852-02-1 Sun Java System Identity Manager 6.0 SP1 Sun 136849-02 http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -136849-02-1 Sun Java System Identity Manager 6.0 SP2 Sun 136580-02 http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -136850-02-1
参考网址
来源: MISC 链接:http://www.procheckup.com/Vulnerability_PR07-12.php 来源: SUNALERT 名称: 200558 链接:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1 来源: SUNALERT 名称: 103180 链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1 来源: XF 名称: sun-identity-login-security-bypass(39590) 链接:http://xforce.iss.net/xforce/xfdb/39590 来源: BID 名称: 27214 链接:http://www.securityfocus.com/bid/27214 来源: BUGTRAQ 名称: 20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager 链接:http://www.securityfocus.com/archive/1/archive/1/486076/100/0/threaded 来源: VUPEN 名称: ADV-2008-0089 链接:http://www.frsirt.com/english/advisories/2008/0089 来源: SREASON 名称: 3535 链接:http://securityreason.com/securityalert/3535 来源: SECUNIA 名称: 28356 链接:http://secunia.com/advisories/28356
受影响实体
- Sun Java_system_identity_manager:7.1
- Sun Java_system_identity_manager:7.0
- Sun Java_system_identity_manager:6.0:Sp3
- Sun Java_system_identity_manager:6.0:Sp1
- Sun Java_system_identity_manager:6.0:Sp2
补丁
暂无
评论