IBM Lotus Domino CVE-2013-0489 Cross Site Request Forgery Vulnerability

Bugtraq ID:	58649
Class:	Input Validation Error
CVE:	CVE-2013-0489
Remote:	Yes
Local:	No
Published:	Mar 21 2013 12:00AM
Updated:	May 14 2013 03:12PM
Credit:	IBM
Vulnerable:	IBM WebSphere Message Broker 7.0.0 IBM WebSphere Message Broker 6.1 IBM Lotus Domino 8.5.3 IBM Lotus Domino 8.5.2 IBM Lotus Domino 8.5.1 IBM Lotus Domino 8.5
Not Vulnerable:

IBM Lotus Domino CVE-2013-0489 Cross Site Request Forgery Vulnerability

IBM Lotus Domino is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

IBM Lotus Domino 8.5.x are vulnerable.

IBM Lotus Domino CVE-2013-0489 Cross Site Request Forgery Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

IBM Lotus Domino CVE-2013-0489 Cross Site Request Forgery Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

IBM Lotus Domino CVE-2013-0489 Cross Site Request Forgery Vulnerability

References:

• IBM Homepage (IBM)
  
• IBM Lotus Domino Homepage (IBM)