CVE-2008-7253
 
Metric | Value | Source |
---|---|---|
Severity Score | 4.3 | CVSS v2 |
Exploit Likelihood | | EPSS |
Affected Versions | | CPE |
Public Exploits | 0 | Multiple Sources |
Exploited in Wild | - | KEV |
Decision | - | SSVC |
Descriptions
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-01-25 CVE Reserved
- 2010-01-25 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-16: Configuration
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www-01.ibm.com/support/docview.wss?&uid=swg21201202 | X_refsource_confirm | |
http://www.kb.cert.org/vuls/id/867593 | Third Party Advisory | |
http://www.kb.cert.org/vuls/id/AAMN-5K42VN | X_refsource_confirm | |
http://www.kb.cert.org/vuls/id/AAMN-5K42VT | X_refsource_confirm |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
IBM | Lotus Domino Server | 6.0 | - | Affected |
IBM | Lotus Domino Server | 6.5 | - | Affected |
IBM | Lotus Domino Server | 7.0 | - | Affected |
IBM | Lotus Domino Server | 8.0 | - | Affected |