Cross-Site Tracing Vulnerability in IBM Lotus Domino Server
CVE-2008-7253
Currently unrated
Summary
The IBM Lotus Domino Server, in its default configuration, permits the HTTP TRACE method. Remote attackers can exploit this to conduct cross-site tracing (XST) attacks, which may let them capture sensitive information such as cookies and authentication credentials, compromising users' security. The issue is related to similar vulnerabilities recorded in earlier CVEs, particularly those concerning web security misconfigurations.