CVE-2008-7253

Published: Jan 25, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

Affected (4)

Products: Ibm: Lotus Domino Server

1 product

Lotus Domino Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Lotus Domino Server	Version 6.0
Ibm Lotus Domino Server	Version 6.5
Ibm Lotus Domino Server	Version 7.0
Ibm Lotus Domino Server	Version 8.0

Related CWEs

References (8)

http://www-01.ibm.com/support/docview.wss?&uid=swg21201202

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/867593

Source: cve@mitre.org

US Government Resource

http://www.kb.cert.org/vuls/id/AAMN-5K42VN

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/AAMN-5K42VT

Source: cve@mitre.org

http://www-01.ibm.com/support/docview.wss?&uid=swg21201202

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/867593

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.kb.cert.org/vuls/id/AAMN-5K42VN

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/AAMN-5K42VT

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.