CVE-2008-7253

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
ibmlotus_domino_server
6.0
ibmlotus_domino_server
6.5
ibmlotus_domino_server
7.0
ibmlotus_domino_server
8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?&uid=swg21201202
http://www.kb.cert.org/vuls/id/867593
http://www.kb.cert.org/vuls/id/AAMN-5K42VN
http://www.kb.cert.org/vuls/id/AAMN-5K42VT
http://www-01.ibm.com/support/docview.wss?&uid=swg21201202
http://www.kb.cert.org/vuls/id/867593
http://www.kb.cert.org/vuls/id/AAMN-5K42VN
http://www.kb.cert.org/vuls/id/AAMN-5K42VT