[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981)
From: "MustLive" <mustlive () websecurity ! com ! ua>
Date: 2015-06-19 12:27:49
Message-ID: 009a01d0aa8b$65437480$9b7a6fd5 () pc
[Download RAW message or body]
Hello list!
Earlier I wrote about XSS vulnerability in IBM Domino
(http://seclists.org/fulldisclosure/2015/May/128). I informed IBM in May
about it and at 17.06.2015 they fixed it and released security bulletin.
Security Bulletin: IBM Domino Web Server Cross-site Scripting Vulnerability
(CVE-2015-1981) http://www-01.ibm.com/support/docview.wss?uid=swg21959908.
CVE ID: CVE-2015-1981.
-------------------------
Affected products:
-------------------------
Vulnerable are the next products and versions:
IBM Domino 9.0.1 Fix Pack 3 (plus Interim Fixes) and earlier
IBM Domino 8.5.3 Fix Pack 6 (plus Interim Fixes) and earlier
All 9.0 and 8.5.x releases of IBM Domino prior to those listed above
-------------------------
Remediation/Fixes:
-------------------------
IBM proposed fix for the last version of Domino and workarounds and
mitigations for previous versions of Domino.
Remediation (workarounds see in the bulletin):
A fix for this issue, tracked as SPR# KLYH9WYPR5, is introduced in IBM
Domino 9.0.1 Fix Pack 4.
Customers running earlier 9.0.x or 8.5.x streams may either use the
workaround listed in bulletin or contact IBM Support to inquire about the
possibility of obtaining a hotfix for your environment.
Best wishes & regards,
Eugene Dokukin aka MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic