Vulnerability Description
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Lotus Domino Server | 6.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?&uid=swg21201202
- http://www.kb.cert.org/vuls/id/867593US Government Resource
- http://www.kb.cert.org/vuls/id/AAMN-5K42VN
- http://www.kb.cert.org/vuls/id/AAMN-5K42VT
- http://www-01.ibm.com/support/docview.wss?&uid=swg21201202
- http://www.kb.cert.org/vuls/id/867593US Government Resource
- http://www.kb.cert.org/vuls/id/AAMN-5K42VN
- http://www.kb.cert.org/vuls/id/AAMN-5K42VT
FAQ
What is CVE-2008-7253?
CVE-2008-7253 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authent...
How severe is CVE-2008-7253?
CVE-2008-7253 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-7253?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Lotus Domino Server.