| VID |
210099 |
| Severity |
30 |
| Port |
8080, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Sun Java System Identity Manager is vulnerable to multiple cross-site scripting vulnerabilities (SUN 103180). Sun Java System Identity Manager is a Java application for user provisioning and identity auditing in enterprise environments. Sun Java System Identity Manager is vulnerable to multiple cross-site scripting vulnerabilities, caused by improper validation of user-supplied input passed to the 'cntry' and 'lang' parameters of the 'login.jsp' script, the 'resultsForm' parameter of the 'account/findForSelect.jsp' script, the 'activeControl' parameter of the 'user/main.jsp' script, the 'helpUrl' parameter of the 'help/index.jsp' script, and the 'nextPage' parameter of the 'user/login.jsp' script. These vulnerabilities could allow a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
* References:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1
http://www.procheckup.com/Vulnerability_PR07-06.php
http://www.procheckup.com/Vulnerability_PR07-07.php
http://www.procheckup.com/Vulnerability_PR07-08.php
http://www.procheckup.com/Vulnerability_PR07-09.php
http://www.procheckup.com/Vulnerability_PR07-10.php
http://www.procheckup.com/Vulnerability_PR07-12.php
http://www.securityfocus.com/archive/1/486076
http://www.frsirt.com/english/advisories/2008/0089
http://securitytracker.com/alerts/2008/Jan/1019175.html
http://secunia.com/advisories/28356
* Platforms Affected:
Sun Java System Identity Manager 6.0
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
HP OpenVMS Any version
Linux Any version |
| Recommendation |
Apply the appropriate patch for your system, as listed in Sun Document ID: 200558 at http://sunsolve.sun.com:80/search/document.do?assetkey=1-26-103180-1 |
| Related URL |
CVE-2008-0239,CVE-2008-0240,CVE-2008-0241 (CVE) |
| Related URL |
27214 (SecurityFocus) |
| Related URL |
39580,39581,39582,39583 (ISS) |
|
