Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:32305
HistoryJul 05, 2015 - 12:00 a.m.

IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981)

2015-07-0500:00:00
vulners.com
19
JSON

Hello 3APA3A!

Earlier I wrote about XSS vulnerability in IBM Domino (http://seclists.org/fulldisclosure/2015/May/128). I informed IBM in May about it and at 17.06.2015 they fixed it and released security bulletin.

Security Bulletin: IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981) http://www-01.ibm.com/support/docview.wss?uid=swg21959908.

CVE ID: CVE-2015-1981.

Affected products:

Vulnerable are the next products and versions:

IBM Domino 9.0.1 Fix Pack 3 (plus Interim Fixes) and earlier
IBM Domino 8.5.3 Fix Pack 6 (plus Interim Fixes) and earlier
All 9.0 and 8.5.x releases of IBM Domino prior to those listed above

Remediation/Fixes:

IBM proposed fix for the last version of Domino and workarounds and mitigations for previous versions of Domino.

Remediation (workarounds see in the bulletin):

A fix for this issue, tracked as SPR# KLYH9WYPR5, is introduced in IBM Domino 9.0.1 Fix Pack 4.

Customers running earlier 9.0.x or 8.5.x streams may either use the workaround listed in bulletin or contact IBM Support to inquire about the possibility of obtaining a hotfix for your environment.

Best wishes & regards,
Eugene Dokukin aka MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Related

securityvulns 1
prion 1
cve 1
securityvulns
securityvulns
IBM Domino Web Server crossite scripting
2015-07-05 00:00:00
prion
prion
Cross site scripting
2015-06-28 14:59:00
cve
cve
CVE-2015-1981
2015-06-28 14:59:00
JSON
Related for SECURITYVULNS:DOC:32305
securityvulns1prion1cve1