CVE-2008-5550

Name of the Vulnerable Software and Affected Versions Sun Java Web Console versions 3.0.2 through 3.0.5 Solaris 10

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved via the redirect url parameter in the console/faces/jsp/login/BeginLogin.jsp endpoint.

Recommendations For Sun Java Web Console versions 3.0.2 through 3.0.5, avoid using the redirect url parameter in the console/faces/jsp/login/BeginLogin.jsp endpoint until the issue is resolved. For Solaris 10, restrict access to the vulnerable console/faces/jsp/login/BeginLogin.jsp endpoint to minimize the risk of exploitation.