4.3
CVE-2008-7253
- EPSS 1.46%
- Veröffentlicht 25.01.2010 19:30:00
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Lotus Domino Server Version6.0
Ibm ≫ Lotus Domino Server Version6.5
Ibm ≫ Lotus Domino Server Version7.0
Ibm ≫ Lotus Domino Server Version8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.46% | 0.802 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|