CVE-2008-0240

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."

Link	Resource
http://www.procheckup.com/Vulnerability_PR07-10.php	Exploit Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1
http://www.securityfocus.com/bid/27214
http://secunia.com/advisories/28356	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1
http://securityreason.com/securityalert/3535
http://www.vupen.com/english/advisories/2008/0089
https://exchange.xforce.ibmcloud.com/vulnerabilities/39586
http://www.securityfocus.com/archive/1/486076/100/0/threaded

Configuration 1

cpe:2.3:a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:* cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:* cpe:2.3:a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:* cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:* cpe:2.3:a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*

---

Published : 2008-01-11 10:46

Updated : 2018-10-15 09:58

---

NVD link : CVE-2008-0240

Mitre link : CVE-2008-0240

No products.

CWE-79