CVE-2008-4284
First published: Tue Feb 10 2009(Updated: )
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.8 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.10 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.12 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.14 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.16 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.0.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.10 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.12 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.14 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.16 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.18 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.22 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.23 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.24 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.25 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.27 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.28 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.29 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.30 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.31 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.32 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.8 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.10 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.12 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.14 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.16 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.18 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.20 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.21 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.22 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-4284?
The severity of CVE-2008-4284 is considered high due to its potential for remote exploitation and conducting phishing attacks.
How do I fix CVE-2008-4284?
To fix CVE-2008-4284, upgrade to a patched version of IBM WebSphere Application Server that addresses this vulnerability.
What versions of IBM WebSphere Application Server are affected by CVE-2008-4284?
CVE-2008-4284 affects IBM WebSphere Application Server versions 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23.
What type of vulnerability is CVE-2008-4284?
CVE-2008-4284 is classified as an open redirect vulnerability.
What can attackers do with CVE-2008-4284?
Attackers exploiting CVE-2008-4284 can redirect users to arbitrary websites, leading to potential phishing attacks.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ibm
- canonical/ibm websphere application server feature pack for web services
- version/ibm websphere application server feature pack for web services/5.0
- version/ibm websphere application server feature pack for web services/5.0.0
- version/ibm websphere application server feature pack for web services/5.0.1
- version/ibm websphere application server feature pack for web services/5.0.2
- version/ibm websphere application server feature pack for web services/5.0.2.1
- version/ibm websphere application server feature pack for web services/5.0.2.2
- version/ibm websphere application server feature pack for web services/5.0.2.3
- version/ibm websphere application server feature pack for web services/5.0.2.4
- version/ibm websphere application server feature pack for web services/5.0.2.5
- version/ibm websphere application server feature pack for web services/5.0.2.6
- version/ibm websphere application server feature pack for web services/5.0.2.7
- version/ibm websphere application server feature pack for web services/5.0.2.8
- version/ibm websphere application server feature pack for web services/5.0.2.9
- version/ibm websphere application server feature pack for web services/5.0.2.10
- version/ibm websphere application server feature pack for web services/5.0.2.11
- version/ibm websphere application server feature pack for web services/5.0.2.12
- version/ibm websphere application server feature pack for web services/5.0.2.13
- version/ibm websphere application server feature pack for web services/5.0.2.14
- version/ibm websphere application server feature pack for web services/5.0.2.15
- version/ibm websphere application server feature pack for web services/5.0.2.16
- version/ibm websphere application server feature pack for web services/5.1.0
- version/ibm websphere application server feature pack for web services/5.1.0.2
- version/ibm websphere application server feature pack for web services/5.1.0.3
- version/ibm websphere application server feature pack for web services/5.1.0.4
- version/ibm websphere application server feature pack for web services/5.1.0.5
- version/ibm websphere application server feature pack for web services/5.1.1
- version/ibm websphere application server feature pack for web services/5.1.1.1
- version/ibm websphere application server feature pack for web services/5.1.1.10
- version/ibm websphere application server feature pack for web services/5.1.1.11
- version/ibm websphere application server feature pack for web services/5.1.1.12
- version/ibm websphere application server feature pack for web services/5.1.1.13
- version/ibm websphere application server feature pack for web services/5.1.1.14
- version/ibm websphere application server feature pack for web services/5.1.1.15
- version/ibm websphere application server feature pack for web services/5.1.1.16
- version/ibm websphere application server feature pack for web services/5.1.1.17
- version/ibm websphere application server feature pack for web services/5.1.1.18
- version/ibm websphere application server feature pack for web services/5.1.1.19
- version/ibm websphere application server feature pack for web services/6.0
- version/ibm websphere application server feature pack for web services/6.0.0.1
- version/ibm websphere application server feature pack for web services/6.0.0.2
- version/ibm websphere application server feature pack for web services/6.0.0.3
- version/ibm websphere application server feature pack for web services/6.0.1
- version/ibm websphere application server feature pack for web services/6.0.1.1
- version/ibm websphere application server feature pack for web services/6.0.1.2
- version/ibm websphere application server feature pack for web services/6.0.1.3
- version/ibm websphere application server feature pack for web services/6.0.1.5
- version/ibm websphere application server feature pack for web services/6.0.1.7
- version/ibm websphere application server feature pack for web services/6.0.1.9
- version/ibm websphere application server feature pack for web services/6.0.1.11
- version/ibm websphere application server feature pack for web services/6.0.1.13
- version/ibm websphere application server feature pack for web services/6.0.1.15
- version/ibm websphere application server feature pack for web services/6.0.1.17
- version/ibm websphere application server feature pack for web services/6.0.2
- version/ibm websphere application server feature pack for web services/6.0.2.1
- version/ibm websphere application server feature pack for web services/6.0.2.2
- version/ibm websphere application server feature pack for web services/6.0.2.3
- version/ibm websphere application server feature pack for web services/6.0.2.4
- version/ibm websphere application server feature pack for web services/6.0.2.5
- version/ibm websphere application server feature pack for web services/6.0.2.6
- version/ibm websphere application server feature pack for web services/6.0.2.7
- version/ibm websphere application server feature pack for web services/6.0.2.9
- version/ibm websphere application server feature pack for web services/6.0.2.11
- version/ibm websphere application server feature pack for web services/6.0.2.13
- version/ibm websphere application server feature pack for web services/6.0.2.15
- version/ibm websphere application server feature pack for web services/6.0.2.17
- version/ibm websphere application server feature pack for web services/6.0.2.19
- version/ibm websphere application server feature pack for web services/6.0.2.22
- version/ibm websphere application server feature pack for web services/6.0.2.23
- version/ibm websphere application server feature pack for web services/6.0.2.24
- version/ibm websphere application server feature pack for web services/6.0.2.25
- version/ibm websphere application server feature pack for web services/6.0.2.27
- version/ibm websphere application server feature pack for web services/6.0.2.28
- version/ibm websphere application server feature pack for web services/6.0.2.29
- version/ibm websphere application server feature pack for web services/6.0.2.30
- version/ibm websphere application server feature pack for web services/6.0.2.31
- version/ibm websphere application server feature pack for web services/6.0.2.32
- version/ibm websphere application server feature pack for web services/6.1
- version/ibm websphere application server feature pack for web services/6.1.0
- version/ibm websphere application server feature pack for web services/6.1.0.0
- version/ibm websphere application server feature pack for web services/6.1.0.1
- version/ibm websphere application server feature pack for web services/6.1.0.2
- version/ibm websphere application server feature pack for web services/6.1.0.3
- version/ibm websphere application server feature pack for web services/6.1.0.4
- version/ibm websphere application server feature pack for web services/6.1.0.5
- version/ibm websphere application server feature pack for web services/6.1.0.6
- version/ibm websphere application server feature pack for web services/6.1.0.7
- version/ibm websphere application server feature pack for web services/6.1.0.8
- version/ibm websphere application server feature pack for web services/6.1.0.9
- version/ibm websphere application server feature pack for web services/6.1.0.10
- version/ibm websphere application server feature pack for web services/6.1.0.11
- version/ibm websphere application server feature pack for web services/6.1.0.12
- version/ibm websphere application server feature pack for web services/6.1.0.13
- version/ibm websphere application server feature pack for web services/6.1.0.14
- version/ibm websphere application server feature pack for web services/6.1.0.15
- version/ibm websphere application server feature pack for web services/6.1.0.16
- version/ibm websphere application server feature pack for web services/6.1.0.17
- version/ibm websphere application server feature pack for web services/6.1.0.18
- version/ibm websphere application server feature pack for web services/6.1.0.19
- version/ibm websphere application server feature pack for web services/6.1.0.20
- version/ibm websphere application server feature pack for web services/6.1.0.21
- version/ibm websphere application server feature pack for web services/6.1.0.22
- version/ibm websphere application server feature pack for web services/6.1.1
- version/ibm websphere application server feature pack for web services/6.1.3
- version/ibm websphere application server feature pack for web services/6.1.5
- version/ibm websphere application server feature pack for web services/6.1.6
- version/ibm websphere application server feature pack for web services/6.1.7
- version/ibm websphere application server feature pack for web services/6.1.13
- version/ibm websphere application server feature pack for web services/6.1.14