CVE-2008-5116
Sun Java System Identity Manager 6.0-6.0 SP4, 7.0, 7.1 - Path Traversal via Help Server ext Parameter
Title source: llmDescription
Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter.
References (9)
Core 9
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32606
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46554
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/498487/100/0/threaded
Various Sources x_refsource_misc
http://www.procheckup.com/Vulnerability_PR08-09.php
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32262
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3128
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021170
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/49767
Scores
EPSS
0.0072
EPSS Percentile
72.8%
Details
CWE
CWE-22
Status
published
Products (3)
sun/java_system_identity_manager
6.0 (5 CPE variants)
sun/java_system_identity_manager
7.0
sun/java_system_identity_manager
7.1
Published
Nov 18, 2008
Tracked Since
Feb 18, 2026