Lucene search

PRIOn knowledge basePRION:CVE-2008-7253

HistoryJan 25, 2010 - 7:30 p.m.

Design/Logic Flaw

2010-01-2519:30:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.9%

JSON

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

CPENameOperatorVersion
lotus_domino_servereq7.0
lotus_domino_servereq6.0
lotus_domino_servereq6.5
lotus_domino_servereq8.0

Name	Operator	Version
lotus_domino_server	eq	7.0
lotus_domino_server	eq	6.0
lotus_domino_server	eq	6.5
lotus_domino_server	eq	8.0

References

www-01.ibm.com/support/docview.wss?&uid=swg21201202

www.kb.cert.org/vuls/id/867593

www.kb.cert.org/vuls/id/AAMN-5K42VN

www.kb.cert.org/vuls/id/AAMN-5K42VT

6.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for PRION:CVE-2008-7253