8 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. La configuración por defecto del servidor Web en IBM Lotus Domino Server, posiblemente v6.0 hasta v8.0, activa el método HTTP TRACE method, lo que facilita a atacantes remotos a robar las cookies y las credenciales de autenticación a través de un taques de seguimiento de trazas en sitios cruzados (XST), está relacionado con CVE-2004-2763 y CVE-2005-3398. • http://www-01.ibm.com/support/docview.wss?&uid=swg21201202 http://www.kb.cert.org/vuls/id/867593 http://www.kb.cert.org/vuls/id/AAMN-5K42VN http://www.kb.cert.org/vuls/id/AAMN-5K42VT • CWE-16: Configuration •

CVSS: 7.8EPSS: 1%CPEs: 21EXPL: 0

Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files. Vulnerabilidad no especificada en en el servidor web de Lotus Domino 6.0, 6.5.x anterior a 6.5.6, y 7.0.x anterior a 7.0.3 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante peticiones de URLs que referencian determinados archivos. • http://osvdb.org/35766 http://secunia.com/advisories/25542 http://www-1.ibm.com/support/docview.wss?uid=swg21257251 http://www.securityfocus.com/bid/24307 http://www.securitytracker.com/id?1018189 http://www.vupen.com/english/advisories/2007/2046 https://exchange.xforce.ibmcloud.com/vulnerabilities/34689 •

CVSS: 5.0EPSS: 1%CPEs: 14EXPL: 0

Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas. • http://secunia.com/advisories/18328 http://www-1.ibm.com/support/docview.wss?uid=swg27007054 http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument http://www.securityfocus.com/bid/16158 http://www.vupen.com/english/advisories/2006/0081 https://exchange.xforce.ibmcloud.com/vulnerabilities/24206 •

CVSS: 10.0EPSS: 3%CPEs: 14EXPL: 0

Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP). • http://secunia.com/advisories/18328 http://secunia.com/advisories/20855 http://securitytracker.com/id?1016390 http://www-1.ibm.com/support/docview.wss?uid=swg27007054 http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/94a77eb898843aca8525709200001de1?OpenDocument&Highlight=0%2CJGAN6B6TZ3 http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/9a1650d1a771f3078525702a00420def?OpenDocument&Highlight=0%2CHSAO6BNL6Y http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/d1150fc9c5dec8b18525709200001 •

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0

Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory. • http://secunia.com/advisories/18328 http://www-1.ibm.com/support/docview.wss?uid=swg27007054 http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument&Highlight=0%2CMKIN67MQVW http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument&Highlight=0%2CMKIN693QUT http://www.securityfocus.com/bid/16158 http://www.vupen.com/english/advisories/2006/0081 https://exchange.xforce.ibmcloud.com/vulnerabilities/24223 •