CVE-2008-5116

Published: Nov 18, 2008Modified: Apr 23, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter.

Affected (7)

Products: Sun: Java System Identity Manager

1 product

Java System Identity Manager

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Sun Java System Identity Manager	Version 6.0
Sun Java System Identity Manager	Version 6.0 sp1
Sun Java System Identity Manager	Version 6.0 sp2
Sun Java System Identity Manager	Version 6.0 sp3
Sun Java System Identity Manager	Version 6.0 sp4
Sun Java System Identity Manager	Version 7.0
Sun Java System Identity Manager	Version 7.1

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (18)

http://osvdb.org/49767

Source: cve@mitre.org

http://secunia.com/advisories/32606

Source: cve@mitre.org

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1

Source: cve@mitre.org

PatchVendor Advisory

http://www.procheckup.com/Vulnerability_PR08-09.php

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/498487/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/32262

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id?1021170

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/3128

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/46554

Source: cve@mitre.org

http://osvdb.org/49767

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32606

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.procheckup.com/Vulnerability_PR08-09.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/498487/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/32262

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1021170

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/3128

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/46554

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.