Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2008-7253
Last Modified 26 Jan 2010 12:00:00
Published 25 Jan 2010 02:30:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-7253

Summary

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

Vulnerable Systems

Application

  • IBM Lotus Domino Server 6.0

  • IBM Lotus Domino Server 6.5

  • IBM Lotus Domino Server 7.0

  • IBM Lotus Domino Server 8.0


References

CERT-VN - VU#867593

CONFIRM - http://www.kb.cert.org/vuls/id/AAMN-5K42VT

CONFIRM - http://www.kb.cert.org/vuls/id/AAMN-5K42VN

CONFIRM - http://www-01.ibm.com/support/docview.wss?&uid=swg21201202


Last Updated: 27 May 2016 10:49:31