OSVDB ID: 49766

Title: Sun Java System Identity Manager Admin /idm/admin/changeself.jsp Update Password CSRF

Info

Disclosure

Nov 11, 2008

Discovery

Unknown

Dates

Exploit

Nov 19, 2008

Solution

Unknown

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 8.0 or higher, as it has been reported to fix this vulnerability. In addition, Sun has released a patch for some older versions.

Products

Unknown or Incomplete

References

CVE ID: 2008-5115 (see also: NVD)
Bugtraq ID: 32262
Secunia Advisory ID: 32606
ISS X-Force ID: 46553
Related OSVDB ID: 49765 49767 49768 49769
VUPEN Advisory: ADV-2008-3128
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-11/0131.html
Vendor Specific Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243386-1

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/49766