CVE-2008-5116

Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter.

Published: Nov 18, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-5116
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
sun / java_system_identity_manager	6.0-sp2	6.0-sp2.x
sun / java_system_identity_manager	7.0	7.0.x
sun / java_system_identity_manager	6.0-sp1	6.0-sp1.x
sun / java_system_identity_manager	7.1	7.1.x
sun / java_system_identity_manager	6.0-sp3	6.0-sp3.x
sun / java_system_identity_manager	6.0-sp4	6.0-sp4.x
sun / java_system_identity_manager	6.0	6.0.x

http://osvdb.org/49767
http://secunia.com/advisories/32606
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1
http://www.procheckup.com/Vulnerability_PR08-09.php
http://www.securityfocus.com/archive/1/498487/100/0/threaded
http://www.securityfocus.com/bid/32262
http://www.securitytracker.com/id?1021170
http://www.vupen.com/english/advisories/2008/3128
https://exchange.xforce.ibmcloud.com/vulnerabilities/46554

Vulnerability Database

290,278

CVE-2008-5116