CVE-2008-7253
First published: Mon Jan 25 2010(Updated: )
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Lotus Domino Server | =7.0 | |
| IBM Lotus Domino Server | =6.0 | |
| IBM Lotus Domino Server | =6.5 | |
| IBM Lotus Domino Server | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm lotus domino server
- version/ibm lotus domino server/7.0
- version/ibm lotus domino server/6.0
- version/ibm lotus domino server/6.5
- version/ibm lotus domino server/8.0