CVE-2008-4284

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-4284
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www-1.ibm.com/support/docview.wss?uid=swg21320242 Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24021527 Patch Vendor Advisory
http://www.securityfocus.com/bid/33700
https://exchange.xforce.ibmcloud.com/vulnerabilities/47200
http://www-1.ibm.com/support/docview.wss?uid=swg21320242 Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24021527 Patch Vendor Advisory
http://www.securityfocus.com/bid/33700
https://exchange.xforce.ibmcloud.com/vulnerabilities/47200
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0:*:z_os:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.12:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.14:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.16:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.17:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.17:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.27:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.28:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.29:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.30:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.31:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.32:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.16:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.20:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.22:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*
History

21 Nov 2024, 00:51

Type Values Removed Values Added
References () http://www-1.ibm.com/support/docview.wss?uid=swg21320242 - Patch, Vendor Advisory () http://www-1.ibm.com/support/docview.wss?uid=swg21320242 - Patch, Vendor Advisory
References () http://www-1.ibm.com/support/docview.wss?uid=swg24021527 - Patch, Vendor Advisory () http://www-1.ibm.com/support/docview.wss?uid=swg24021527 - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/33700 - () http://www.securityfocus.com/bid/33700 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/47200 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/47200 -
Information

Published : 2009-02-10 22:30

Updated : 2024-11-21 00:51

NVD link : CVE-2008-4284

Mitre link : CVE-2008-4284

CVE.ORG link : CVE-2008-4284

JSON object : View

Products Affected

ibm

  • websphere_application_server
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024