CVE-2008-7253

CWE-16 · 3 documents · 3 sources
Severity: 4.3 MEDIUM
EPSS: 1.5% (top 19.15%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 25
Latest update: May 17

Description

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: ibm/lotus_domino_server, 4 versions +3

🔴 Vulnerability Details (2)

GHSA (2022-05-17)
GHSA-g6pv-jvqw-865r: The default configuration of the web server in IBM Lotus Domino Server, possibly 6
CVEList (2010-01-25)
CVE-2008-7253: The default configuration of the web server in IBM Lotus Domino Server, possibly 6