CVE-2008-0240 Information

Description

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3 7.0 and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter aka \frame injection.\

Reference

http://secunia.com/advisories/28356 http://securityreason.com/securityalert/3535 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1 http://www.procheckup.com/Vulnerability_PR07-10.php http://www.securityfocus.com/archive/1/486076/100/0/threaded http://www.securityfocus.com/bid/27214 http://www.vupen.com/english/advisories/2008/0089 https://exchange.xforce.ibmcloud.com/vulnerabilities/39586