CVE-2008-4284 : Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and ea

Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.

Published 2009-02-10 22:30:00

Updated 2017-08-08 01:32:32

Source MITRE

View at NVD, CVE.org

Vulnerability category: Open redirect

Threat overview for CVE-2008-4284

Top countries where our scanners detected CVE-2008-4284

Top open port discovered on systems with this issue 9080

IPs affected by CVE-2008-4284 1,106

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2008-4284!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2008-4284

Probability of exploitation activity in the next 30 days: 0.28%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-4284

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:P	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2008-4284

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-4284

http://www-1.ibm.com/support/docview.wss?uid=swg21320242

Patch;Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24021527

Patch;Vendor Advisory
http://www.securityfocus.com/bid/33700

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/47200

Products affected by CVE-2008-4284

IBM » Websphere Application Server » Version: 5.1.0.3
cpe:2.3:a:ibm:websphere_application_server:5.1.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0
cpe:2.3:a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0
cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.0
cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.5
cpe:2.3:a:ibm:websphere_application_server:5.0.2.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.6
cpe:2.3:a:ibm:websphere_application_server:5.0.2.6:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.7
cpe:2.3:a:ibm:websphere_application_server:5.0.2.7:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1
cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.1
cpe:2.3:a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.1
cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.8
cpe:2.3:a:ibm:websphere_application_server:5.0.2.8:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.9
cpe:2.3:a:ibm:websphere_application_server:5.0.2.9:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2
cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.1
cpe:2.3:a:ibm:websphere_application_server:5.0.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.0.2
cpe:2.3:a:ibm:websphere_application_server:5.1.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.3
cpe:2.3:a:ibm:websphere_application_server:5.0.2.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.4
cpe:2.3:a:ibm:websphere_application_server:5.0.2.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.0.4
cpe:2.3:a:ibm:websphere_application_server:5.1.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.0.5
cpe:2.3:a:ibm:websphere_application_server:5.1.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0 Z Os Edition
cpe:2.3:a:ibm:websphere_application_server:5.0:*:z_os:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.10
cpe:2.3:a:ibm:websphere_application_server:5.0.2.10:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.11
cpe:2.3:a:ibm:websphere_application_server:5.0.2.11:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.12
cpe:2.3:a:ibm:websphere_application_server:5.0.2.12:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.13
cpe:2.3:a:ibm:websphere_application_server:5.0.2.13:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.14
cpe:2.3:a:ibm:websphere_application_server:5.0.2.14:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.2
cpe:2.3:a:ibm:websphere_application_server:5.0.2.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2
cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.5
cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.7
cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.1
cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.3
cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.0
cpe:2.3:a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.2
cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.4
cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.6
cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.11
cpe:2.3:a:ibm:websphere_application_server:5.1.1.11:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.10
cpe:2.3:a:ibm:websphere_application_server:5.1.1.10:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.15
cpe:2.3:a:ibm:websphere_application_server:5.0.2.15:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.0.2.16
cpe:2.3:a:ibm:websphere_application_server:5.0.2.16:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.9
cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.1
cpe:2.3:a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.1.2
cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.0.1
cpe:2.3:a:ibm:websphere_application_server:6.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.0.2
cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.0.3
cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.0
cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0
cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.11
cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.13
cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.15
cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.12
cpe:2.3:a:ibm:websphere_application_server:5.1.1.12:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.14
cpe:2.3:a:ibm:websphere_application_server:5.1.1.14:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.19
cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.1
cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.2
cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.3
cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.5
cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.17
cpe:2.3:a:ibm:websphere_application_server:6.0.2.17:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.7
cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.9
cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.15
cpe:2.3:a:ibm:websphere_application_server:5.1.1.15:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.16
cpe:2.3:a:ibm:websphere_application_server:5.1.1.16:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.13
cpe:2.3:a:ibm:websphere_application_server:5.1.1.13:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1
cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.11
cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.5
cpe:2.3:a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.6
cpe:2.3:a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.22
cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.23
cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.7
cpe:2.3:a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.14
cpe:2.3:a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.3
cpe:2.3:a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.24
cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.25
cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.1
cpe:2.3:a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.13
cpe:2.3:a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.12
cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.13
cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.6
cpe:2.3:a:ibm:websphere_application_server:6.1.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.10
cpe:2.3:a:ibm:websphere_application_server:6.1.0.10:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.4
cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.14
cpe:2.3:a:ibm:websphere_application_server:6.1.0.14:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.15
cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.8
cpe:2.3:a:ibm:websphere_application_server:6.1.0.8:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.17
cpe:2.3:a:ibm:websphere_application_server:5.1.1.17:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.18
cpe:2.3:a:ibm:websphere_application_server:5.1.1.18:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.17
cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.16
cpe:2.3:a:ibm:websphere_application_server:6.1.0.16:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.18
cpe:2.3:a:ibm:websphere_application_server:6.1.0.18:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.1.15
cpe:2.3:a:ibm:websphere_application_server:6.0.1.15:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.1.11
cpe:2.3:a:ibm:websphere_application_server:6.0.1.11:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.1.9
cpe:2.3:a:ibm:websphere_application_server:6.0.1.9:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.1.7
cpe:2.3:a:ibm:websphere_application_server:6.0.1.7:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.1.3
cpe:2.3:a:ibm:websphere_application_server:6.0.1.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.32
cpe:2.3:a:ibm:websphere_application_server:6.0.2.32:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.1.17
cpe:2.3:a:ibm:websphere_application_server:6.0.1.17:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.1.5
cpe:2.3:a:ibm:websphere_application_server:6.0.1.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.27
cpe:2.3:a:ibm:websphere_application_server:6.0.2.27:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.30
cpe:2.3:a:ibm:websphere_application_server:6.0.2.30:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.31
cpe:2.3:a:ibm:websphere_application_server:6.0.2.31:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.22
cpe:2.3:a:ibm:websphere_application_server:6.1.0.22:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.28
cpe:2.3:a:ibm:websphere_application_server:6.0.2.28:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.2.29
cpe:2.3:a:ibm:websphere_application_server:6.0.2.29:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.20
cpe:2.3:a:ibm:websphere_application_server:6.1.0.20:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.21
cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 5.1.1.19
cpe:2.3:a:ibm:websphere_application_server:5.1.1.19:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.1.1
cpe:2.3:a:ibm:websphere_application_server:6.0.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.0.1.13
cpe:2.3:a:ibm:websphere_application_server:6.0.1.13:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.19
cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*
Matching versions

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!