V-118: IBM Lotus Domino Multiple Vulnerabilities

March 25, 2013 - 12:40am

PROBLEM:

IBM Lotus Domino Multiple Vulnerabilities

PLATFORM:

IBM Domino 8.x

ABSTRACT:

Multiple vulnerabilities have been reported in IBM Lotus Domino.

REFERENCE LINKS:

IBM Reference #: 1627597
Secunia Advisory SA52753
CVE-2012-6277
CVE-2013-0486
CVE-2013-0487

IMPACT ASSESSMENT:

High

DISCUSSION:

1) An unspecified error can be exploited to disclose time-limited authentication credentials via the Domino Java Console and subsequently gain otherwise restricted access.

Successful exploitation may require certain knowledge of Domino server configuration.

2) An unspecified error in the HTTP server component can be exploited to cause a memory leak and subsequently crash the server.

3) The application bundles a vulnerable version of Autonomy KeyView IDOL.

IMPACT:

IBM Lotus Domino can be exploited by malicious users to disclose certain sensitive information and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

SOLUTION:

Upgrade to version 9.0, or update to version 8.5.3 Fix Pack 4 when available.
