ID CVE-2008-5550
Summary Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:sun:java_web_console:3.0.2
  • cpe:2.3:a:sun:java_web_console:3.0.3
  • cpe:2.3:a:sun:java_web_console:3.0.4
  • cpe:2.3:a:sun:java_web_console:3.0.5
  • cpe:2.3:o:sun:solaris:10:-:sparc
  • cpe:2.3:o:sun:solaris:10:-:x86
  • Sun SunOS (Solaris 10) 5.10
    cpe:2.3:o:sun:sunos:5.10
CVSS
Base: 4.3 (as of 15-12-2008 - 13:17)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
nessus via4
  • NASL family Web Servers
    NASL id SUN_JAVA_WEB_CONSOLE_URI_REDIRECT.NASL
    description The version of Sun Java Web Console running on the remote host may have a URI redirection vulnerability. An attacker could exploit this by tricking a user into requesting a specially crafted URL, which would redirect the user to an arbitrary website. This could result in further attacks (e.g. phishing).
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 17725
    published 2011-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17725
    title Sun Java Web Console BeginLogin.jsp redirect_url Parameter URI Redirection
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_136986.NASL
    description Sun Java Web Console 3.0.2_x86: Security fixes. Date this patch was last updated by Sun : Jun/25/09
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 31599
    published 2008-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31599
    title Solaris 8 (x86) : 136986-03
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_125952.NASL
    description Oracle Java Web Console 3.1. Date this patch was last updated by Sun : May/14/10 This plugin has been deprecated and either replaced with individual 125952 patch-revision plugins, or deemed non-security related.
    last seen 2019-01-16
    modified 2018-07-30
    plugin id 27073
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27073
    title Solaris 10 (sparc) : 125952-20 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_125950.NASL
    description Oracle Java Web Console 3.1. Date this patch was last updated by Sun : May/14/10
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 27093
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27093
    title Solaris 9 (sparc) : 125950-20
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_125951.NASL
    description Oracle Java Web Console 3.1[_x86]. Date this patch was last updated by Sun : May/14/10
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 27100
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27100
    title Solaris 9 (x86) : 125951-20
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_125953-20.NASL
    description Oracle Java Web Console 3.1[_x86]. Date this patch was last updated by Sun : May/14/10
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107945
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107945
    title Solaris 10 (x86) : 125953-20
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_125953.NASL
    description Oracle Java Web Console 3.1[_x86]. Date this patch was last updated by Sun : May/14/10 This plugin has been deprecated and either replaced with individual 125953 patch-revision plugins, or deemed non-security related.
    last seen 2019-01-16
    modified 2018-07-30
    plugin id 27078
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27078
    title Solaris 10 (x86) : 125953-20 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_125952-20.NASL
    description Oracle Java Web Console 3.1. Date this patch was last updated by Sun : May/14/10
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107445
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107445
    title Solaris 10 (sparc) : 125952-20
refmap via4
bid 32771
confirm
sunalert 243786
xf sun-javawebconsole-unspecified-phishing(47257)
Last major update 15-12-2008 - 00:00
Published 12-12-2008 - 13:30
Last modified 30-10-2018 - 12:25