CVE-2008-5116 - OpenCVE

Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sun	Java System Identity Manager

Configuration 1 [-]

OR	cpe:2.3:a:sun:java_system_identity_manager:6.0:::::::*
	cpe:2.3:a:sun:java_system_identity_manager:6.0:sp1::::::
	cpe:2.3:a:sun:java_system_identity_manager:6.0:sp2::::::
	cpe:2.3:a:sun:java_system_identity_manager:6.0:sp3::::::
	cpe:2.3:a:sun:java_system_identity_manager:6.0:sp4::::::
	cpe:2.3:a:sun:java_system_identity_manager:7.0:::::::*
	cpe:2.3:a:sun:java_system_identity_manager:7.1:::::::*

References

Link	Resource
http://osvdb.org/49767
http://secunia.com/advisories/32606	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1	Patch Vendor Advisory
http://www.procheckup.com/Vulnerability_PR08-09.php
http://www.securityfocus.com/archive/1/498487/100/0/threaded
http://www.securityfocus.com/bid/32262	Exploit
http://www.securitytracker.com/id?1021170
http://www.vupen.com/english/advisories/2008/3128	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46554

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-18T00:00:00

Updated: 2018-10-11T19:57:01

Reserved: 2008-11-17T00:00:00

Link: CVE-2008-5116

JSON object: View

NVD Information

Status : Modified

Published: 2008-11-18T00:30:00.420

Modified: 2018-10-11T20:54:07.427

Link: CVE-2008-5116

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-11T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "243386", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1"}, {"name": "32606", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32606"}, {"name": "sun-jsim-unspecified-security-bypass(46554)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46554"}, {"name": "20081119 PR08-09: Unauthenticated File Retrieval on Sun Java System Identity Manager \"ext\" parameter", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/498487/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.procheckup.com/Vulnerability_PR08-09.php"}, {"name": "32262", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32262"}, {"name": "ADV-2008-3128", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3128"}, {"name": "1021170", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021170"}, {"name": "49767", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/49767"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5116", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "243386", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1"}, {"name": "32606", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32606"}, {"name": "sun-jsim-unspecified-security-bypass(46554)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46554"}, {"name": "20081119 PR08-09: Unauthenticated File Retrieval on Sun Java System Identity Manager \"ext\" parameter", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498487/100/0/threaded"}, {"name": "http://www.procheckup.com/Vulnerability_PR08-09.php", "refsource": "MISC", "url": "http://www.procheckup.com/Vulnerability_PR08-09.php"}, {"name": "32262", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32262"}, {"name": "ADV-2008-3128", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3128"}, {"name": "1021170", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021170"}, {"name": "49767", "refsource": "OSVDB", "url": "http://osvdb.org/49767"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5116", "datePublished": "2008-11-18T00:00:00", "dateReserved": "2008-11-17T00:00:00", "dateUpdated": "2018-10-11T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "13445915-DF3D-4C52-B1DC-9FC6BE0DD519", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "D0C2964C-7435-4999-AF16-01CD9EF5782C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "51CFF484-5A52-41DC-A003-A9319DF2AFB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "9A7E88DA-F3A8-4B0F-AD4F-8680C1FB3282", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "861DEDA3-93A1-405A-BA2F-764AE4219D89", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "0980492E-B7DB-4B9F-A400-FDC47DB89A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A5C87C0-3734-4568-97A6-6AB8979AABE7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter."}, {"lang": "es", "value": "Una vulnerabilidad de salto de directorio en el archivo idm/includes/helpServer.jsp en Sun Java System Identity Manager versiones 6.0 hasta 6.0 SP4, y versiones 7.0 y 7.1, permite a los atacantes remotos leer archivos arbitrarios en el sistema de archivos del servidor IDM por medio de secuencias de salto de directorio en el par\u00e1metro ext."}], "id": "CVE-2008-5116", "lastModified": "2018-10-11T20:54:07.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-11-18T00:30:00.420", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/49767"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32606"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1"}, {"source": "cve@mitre.org", "url": "http://www.procheckup.com/Vulnerability_PR08-09.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/498487/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/32262"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021170"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/3128"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46554"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}