CVE-2008-7253

EUVD-2008-7209
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
ibmlotus_domino_server
6.0
ibmlotus_domino_server
6.5
ibmlotus_domino_server
7.0
ibmlotus_domino_server
8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?&uid=swg21201202
http://www.kb.cert.org/vuls/id/867593
http://www.kb.cert.org/vuls/id/AAMN-5K42VN
http://www.kb.cert.org/vuls/id/AAMN-5K42VT
http://www-01.ibm.com/support/docview.wss?&uid=swg21201202
http://www.kb.cert.org/vuls/id/867593
http://www.kb.cert.org/vuls/id/AAMN-5K42VN
http://www.kb.cert.org/vuls/id/AAMN-5K42VT