PT-2010-1244 · Ibm · Lotus Domino Server

Published

2010-01-25

Updated

2010-01-26

CVE-2008-7253

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-16

Related Identifiers

CVE-2008-7253

Affected Products

Lotus Domino Server

PT-2010-1244 · Ibm · Lotus Domino Server

CVE-2008-7253

Weakness Enumeration

Related Identifiers

Affected Products

References · 5