CVE-2008-4284

Sažetak

Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.

Reference

http://www.securityfocus.com/bid/33700
http://www-1.ibm.com/support/docview.wss?uid=swg21320242
http://www-1.ibm.com/support/docview.wss?uid=swg24021527
https://exchange.xforce.ibmcloud.com/vulnerabilities/47200

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:P

Zadnje važnije ažuriranje

08-08-2017 - 01:32

Objavljeno

10-02-2009 - 22:30