IBM Lotus Domino Unspecified Open Redirection and Cross Site Scripting Vulnerabilities
Info
| Bugtraq ID: | 58152 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-4842, CVE-2012-4844 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 25 2013 12:00AM |
| Updated: | Feb 25 2013 12:00AM |
| Credit: | IBM |
| Vulnerable: | IBM Lotus Domino 8.5.3, IBM Lotus Domino 8.5.2, IBM Lotus Domino 8.5.1, IBM Lotus Domino 8.5 |
| Not Vulnerable: | |
Discussion
IBM Lotus Domino is prone to an open-redirection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and redirect a user to a potentially malicious site, which may aid in phishing attacks. Other attacks may also be possible.
IBM Lotus Domino 8.5.3 and prior versions are vulnerable.
Exploit / POC
An attacker can exploit these issues by enticing an unsuspecting victim into following a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.