CVE-2008-4284
IBM WebSphere Application Server Open Redirect via ibm_security_logout Servlet
Title source: llmDescription
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.
References (4)
Core 4
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg24021527
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47200
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33700
Patch, Vendor Advisory x_refsource_confirm
http://www-1.ibm.com/support/docview.wss?uid=swg21320242
Scores
EPSS
0.0186
EPSS Percentile
76.6%
Details
CWE
CWE-59
Status
published
Products (49)
ibm/websphere_application_server
5.0 (2 CPE variants)
ibm/websphere_application_server
5.0.0
ibm/websphere_application_server
5.0.1
ibm/websphere_application_server
5.0.2
ibm/websphere_application_server
5.0.2.1
ibm/websphere_application_server
5.0.2.2
ibm/websphere_application_server
5.0.2.3
ibm/websphere_application_server
5.0.2.4
ibm/websphere_application_server
5.0.2.5
ibm/websphere_application_server
5.0.2.6
... and 39 more
Published
Feb 10, 2009
Tracked Since
Feb 18, 2026