CVE-2008-5115
Sun Java System Identity Manager 6.0-6.0 SP4, 7.0, 7.1 - Cross-Site Request Forgery via Password Update
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-5115. PoCs published by Richard Brain.
AI-analyzed exploit summary: This exploit demonstrates a CSRF attack against Sun Java System Identity Manager, allowing an attacker to change the administrative password to 'Password19' without user interaction. The PoC uses a simple HTML page with JavaScript to trigger the malicious request.
Description
Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.