Lucene search
MitreCVE-2008-4284HistoryFeb 10, 2009 - 10:30 p.m.
CVE-2008-4284
2009-02-1022:30:00
CWE-59
mitre
web.nvd.nist.gov
35
ibm
websphere
application server
open redirect
vulnerability
cve-2008-4284
nvd
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
AI Score
6.8
Confidence
High
EPSS
0.003
Percentile
68.5%
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.
Affected configurations
Node
ibmwebsphere_application_serverMatch5.0
ORibmwebsphere_application_serverMatch5.0z_os
ORibmwebsphere_application_serverMatch5.0.0
ORibmwebsphere_application_serverMatch5.0.1
ORibmwebsphere_application_serverMatch5.0.2
ORibmwebsphere_application_serverMatch5.0.2.1
ORibmwebsphere_application_serverMatch5.0.2.2
ORibmwebsphere_application_serverMatch5.0.2.3
ORibmwebsphere_application_serverMatch5.0.2.4
ORibmwebsphere_application_serverMatch5.0.2.5
ORibmwebsphere_application_serverMatch5.0.2.6
ORibmwebsphere_application_serverMatch5.0.2.7
ORibmwebsphere_application_serverMatch5.0.2.8
ORibmwebsphere_application_serverMatch5.0.2.9
ORibmwebsphere_application_serverMatch5.0.2.10
ORibmwebsphere_application_serverMatch5.0.2.11
ORibmwebsphere_application_serverMatch5.0.2.12
ORibmwebsphere_application_serverMatch5.0.2.13
ORibmwebsphere_application_serverMatch5.0.2.14
ORibmwebsphere_application_serverMatch5.0.2.15
ORibmwebsphere_application_serverMatch5.0.2.16
ORibmwebsphere_application_serverMatch5.1.0
ORibmwebsphere_application_serverMatch5.1.0.2
ORibmwebsphere_application_serverMatch5.1.0.3
ORibmwebsphere_application_serverMatch5.1.0.4
ORibmwebsphere_application_serverMatch5.1.0.5
ORibmwebsphere_application_serverMatch5.1.1
ORibmwebsphere_application_serverMatch5.1.1.1
ORibmwebsphere_application_serverMatch5.1.1.10
ORibmwebsphere_application_serverMatch5.1.1.11
ORibmwebsphere_application_serverMatch5.1.1.12
ORibmwebsphere_application_serverMatch5.1.1.13
ORibmwebsphere_application_serverMatch5.1.1.14
ORibmwebsphere_application_serverMatch5.1.1.15
ORibmwebsphere_application_serverMatch5.1.1.16
ORibmwebsphere_application_serverMatch5.1.1.17
ORibmwebsphere_application_serverMatch5.1.1.18
ORibmwebsphere_application_serverMatch5.1.1.19
ORibmwebsphere_application_serverMatch6.0
ORibmwebsphere_application_serverMatch6.0.0.1
ORibmwebsphere_application_serverMatch6.0.0.2
ORibmwebsphere_application_serverMatch6.0.0.3
ORibmwebsphere_application_serverMatch6.0.1
ORibmwebsphere_application_serverMatch6.0.1.1
ORibmwebsphere_application_serverMatch6.0.1.2
ORibmwebsphere_application_serverMatch6.0.1.3
ORibmwebsphere_application_serverMatch6.0.1.5
ORibmwebsphere_application_serverMatch6.0.1.7
ORibmwebsphere_application_serverMatch6.0.1.9
ORibmwebsphere_application_serverMatch6.0.1.11
ORibmwebsphere_application_serverMatch6.0.1.13
ORibmwebsphere_application_serverMatch6.0.1.15
ORibmwebsphere_application_serverMatch6.0.1.17
ORibmwebsphere_application_serverMatch6.0.2
ORibmwebsphere_application_serverMatch6.0.2.1
ORibmwebsphere_application_serverMatch6.0.2.2
ORibmwebsphere_application_serverMatch6.0.2.3
ORibmwebsphere_application_serverMatch6.0.2.4
ORibmwebsphere_application_serverMatch6.0.2.5
ORibmwebsphere_application_serverMatch6.0.2.6
ORibmwebsphere_application_serverMatch6.0.2.7
ORibmwebsphere_application_serverMatch6.0.2.9
ORibmwebsphere_application_serverMatch6.0.2.11
ORibmwebsphere_application_serverMatch6.0.2.13
ORibmwebsphere_application_serverMatch6.0.2.15
ORibmwebsphere_application_serverMatch6.0.2.17
ORibmwebsphere_application_serverMatch6.0.2.19
ORibmwebsphere_application_serverMatch6.0.2.22
ORibmwebsphere_application_serverMatch6.0.2.23
ORibmwebsphere_application_serverMatch6.0.2.24
ORibmwebsphere_application_serverMatch6.0.2.25
ORibmwebsphere_application_serverMatch6.0.2.27
ORibmwebsphere_application_serverMatch6.0.2.28
ORibmwebsphere_application_serverMatch6.0.2.29
ORibmwebsphere_application_serverMatch6.0.2.30
ORibmwebsphere_application_serverMatch6.0.2.31
ORibmwebsphere_application_serverMatch6.0.2.32
ORibmwebsphere_application_serverMatch6.1
ORibmwebsphere_application_serverMatch6.1.0
ORibmwebsphere_application_serverMatch6.1.0.0
ORibmwebsphere_application_serverMatch6.1.0.1
ORibmwebsphere_application_serverMatch6.1.0.2
ORibmwebsphere_application_serverMatch6.1.0.3
ORibmwebsphere_application_serverMatch6.1.0.4
ORibmwebsphere_application_serverMatch6.1.0.5
ORibmwebsphere_application_serverMatch6.1.0.6
ORibmwebsphere_application_serverMatch6.1.0.7
ORibmwebsphere_application_serverMatch6.1.0.8
ORibmwebsphere_application_serverMatch6.1.0.9
ORibmwebsphere_application_serverMatch6.1.0.10
ORibmwebsphere_application_serverMatch6.1.0.11
ORibmwebsphere_application_serverMatch6.1.0.12
ORibmwebsphere_application_serverMatch6.1.0.13
ORibmwebsphere_application_serverMatch6.1.0.14
ORibmwebsphere_application_serverMatch6.1.0.15
ORibmwebsphere_application_serverMatch6.1.0.16
ORibmwebsphere_application_serverMatch6.1.0.17
ORibmwebsphere_application_serverMatch6.1.0.18
ORibmwebsphere_application_serverMatch6.1.0.19
ORibmwebsphere_application_serverMatch6.1.0.20
ORibmwebsphere_application_serverMatch6.1.0.21
ORibmwebsphere_application_serverMatch6.1.0.22
ORibmwebsphere_application_serverMatch6.1.1
ORibmwebsphere_application_serverMatch6.1.3
ORibmwebsphere_application_serverMatch6.1.5
ORibmwebsphere_application_serverMatch6.1.6
ORibmwebsphere_application_serverMatch6.1.7
ORibmwebsphere_application_serverMatch6.1.13
ORibmwebsphere_application_serverMatch6.1.14
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | 5.0 | cpe:2.3:a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0 | cpe:2.3:a:ibm:websphere_application_server:5.0:*:z_os:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.0 | cpe:2.3:a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.1 | cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2 | cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2.1 | cpe:2.3:a:ibm:websphere_application_server:5.0.2.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2.2 | cpe:2.3:a:ibm:websphere_application_server:5.0.2.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2.3 | cpe:2.3:a:ibm:websphere_application_server:5.0.2.3:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2.4 | cpe:2.3:a:ibm:websphere_application_server:5.0.2.4:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2.5 | cpe:2.3:a:ibm:websphere_application_server:5.0.2.5:*:*:*:*:*:*:* |
Related
prion
prion
Open redirect
2009-02-10 22:30:00
cvelist
cvelist
CVE-2008-4284
2009-02-10 22:13:00
nvd
nvd
CVE-2008-4284
2009-02-10 22:30:00
nessus
nessus
IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws
2009-04-15 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
AI Score
6.8
Confidence
High
EPSS
0.003
Percentile
68.5%
Related for CVE-2008-4284