CVE-2008-7253

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Domino Server
Vendor: CVE Published:; 25 January 2010

Summary

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

References

http://www-01.ibm.com/support/docview.wss?&uid=swg21201202

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/867593

third-party-advisoryx_refsource_CERT-VN

http://www.kb.cert.org/vuls/id/AAMN-5K42VN

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 25, 2010