CVE-2008-7253

Severity

43%

Complexity

86%

Confidentiality

48%

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).

Overview

First reported 15 years ago

2010-01-25 19:30:00

Last updated 15 years ago

2010-01-26 05:00:00

Affected Software

IBM Lotus Domino Server 7.0

7.0

References

VU#867593

US Government Resource

http://www.kb.cert.org/vuls/id/AAMN-5K42VN

http://www.kb.cert.org/vuls/id/AAMN-5K42VT

http://www-01.ibm.com/support/docview.wss?&uid=swg21201202

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.