Detections
Analytics
IBM Lotus Domino 8.5.x Multiple Vulnerabilities
medium Nessus Plugin ID 66240
Language:
Synopsis
The remote web server is affected by multiple vulnerabilities.Description
According to its banner, the version of Lotus Domino on the remote host is 8.5.x and is, therefore, affected by the following vulnerabilities :- Some scripts inside the Web Help application are vulnerable to open redirect attacks. (CVE-2012-2159)
- The Web Help component contains a reflected cross-site scripting vulnerability. (CVE-2012-2161)
- User-input validation errors exist related to the 'Web Administrator' client as well as the 'Src' parameter and 'x.nsf' script that could allow cross-site scripting attacks. (CVE-2013-0488, BID 58715)
- A user-input validation error exists related to the 'Web Administrator' client that could allow cross-site request forgery attacks. (CVE-2013-0489)
Solution
Upgrade to Lotus Domino 9.0 or later.See Also
https://seclists.org/fulldisclosure/2013/Mar/219
http://www-01.ibm.com/support/docview.wss?uid=swg27010592#ver90
Plugin Details
Severity: Medium
ID: 66240
File Name: domino_9.nasl
Version: 1.7
Type: remote
Family: Web Servers
Published: 4/26/2013
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6
Temporal Score: 4.4
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:ibm:lotus_domino
Required KB Items: Domino/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 5/31/2012
Vulnerability Publication Date: 5/31/2012
Reference Information
CVE: CVE-2012-2159, CVE-2012-2161, CVE-2013-0488, CVE-2013-0489