CVE-2008-5115 Information

Description

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.

Reference

http://osvdb.org/49766
http://secunia.com/advisories/32606
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11
http://www.securityfocus.com/archive/1/498479/100/0/threaded
http://www.securityfocus.com/bid/32262
http://www.securitytracker.com/id?1021170
http://www.vupen.com/english/advisories/2008/3128
https://exchange.xforce.ibmcloud.com/vulnerabilities/46553
