CVE-2008-5116

Name of the Vulnerable Software and Affected Versions Sun Java System Identity Manager versions 6.0 through 6.0 SP4 Sun Java System Identity Manager version 7.0 Sun Java System Identity Manager version 7.1

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files on the IDM server's filesystem. This is achieved by using directory traversal sequences in the ext parameter of the idm/includes/helpServer.jsp file.

Recommendations For Sun Java System Identity Manager versions 6.0 through 6.0 SP4, consider restricting access to the helpServer.jsp file until a fix is available. For Sun Java System Identity Manager version 7.0, avoid using the ext parameter in the helpServer.jsp file until the issue is resolved. For Sun Java System Identity Manager version 7.1, restrict access to the vulnerable idm/includes/helpServer.jsp file to minimize the risk of exploitation.