HTTP Response Splitting and XSS vulnerabilities in IBM Lotus Domino

Hello 3APA3A! I want to warn you about HTTP Response Splitting and Cross-Site Scripting vulnerabilities in IBM Lotus Domino. At 15th of August IBM released the advisory concerning these Cross-Site Scripting vulnerabilities. CVE ID: CVE-2012-3301. ------------------------- Affected products:...

IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities

Hello 3APA3A! This month at 15th of August IBM released the advisory about IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities, which I've informed them about in May. This is only the part of all vulnerabilities, which I've found in their software, and they are worki...

CVE-2012-3301

Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving 1 Mozilla Firefox 3.0.9 and earlier or 2 unspecified browsers...

CVE-2012-3301

IBM Lotus Domino HTTP Server on 8.5.x (before 8.5.4) is affected by multiple CRLF injection vulnerabilities that enable HTTP header injection and HTTP response splitting via crafted input (notably involving Firefox 3.0.9 and earlier). The root cause is CRLF injection in the server’s HTTP response...