0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
IBM Lotus Domino Cross-Site Scripting Vulnerability
I want to warn you about multiple Cross-Site Scripting vulnerabilities in IBM Lotus Domino. Last year I've announced multiple vulnerabilities in IBM software and after IBM fixed many of them, I've disclosed them. These are new vulnerabilities in Domino, which I've found at 03.05.2012 together with other holes. In August 2012 I've wrote about vulnerabilities in IBM Lotus Domino, which were related to Domino WebMail. I'll add new vulnerabilities in WebMail to previous two holes. Which had CVE-2012-3302 and described in IBM Security Bulletin: Aug-2012 IBM Lotus Domino Web Server Cross-Site Scripting Vulnerabilities (http://www-01.ibm.com/support/docview.wss?uid=swg21608160). IBM haven't created new CVE and new advisory for these vulnerabilities (at least they didn't tell me and I didn't find it at their site). ------------------------- Affected products: ------------------------- Vulnerable are IBM Lotus Domino 8.5.4 and previous versions. These vulnerabilities have been fixed in Domino 9.0. Which was recently released. So every user of Domino can upgrade to latest 9.0 version or to use workaround for previous versions (provided bellow). ---------- Details: ---------- Cross-Site Scripting (WASC-08): The attack is possible via data: and vbscript: URI. http://site/mail/x.nsf/CalendarFS?OpenFrameSet&Frame=NotesView&Src=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N 1bWVudC5jb29raWUpPC9zY3JpcHQ%2B http://site/mail/x.nsf/WebInteriorCalendarFS?OpenFrameSet&Frame=NotesView&Src=data:text/html;base64,PHNjcmlwdD5h bGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B http://site/mail/x.nsf/ToDoFS?OpenFrameSet?OpenFrameSet&Frame=NotesView&Src=data:text/html;base64,PHNjcmlwdD5hbG VydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B http://site/mail/x.nsf/WebInteriorToDoFS?OpenFrameSet&Frame=NotesView&Src=data:text/html;base64,PHNjcmlwdD5hbGVy dChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B ------------------ Workaround: ------------------ There is a workaround for these XSS vulnerabilities: To avoid this attack, administrators can set the following variable on the Domino server NOTES.INI, available in release 7.0 and later: DominoValidateFramesetSRC=1 This method can be used for versions prior to Domino 9 (where these XSS holes were fixed). ------------ Timeline: ------------ Full timeline read in the first advisory (http://securityvulns.ru/docs28474.html). - During 16.05-20.05.2012 I've wrote announcements about multiple vulnerabilities in IBM software at my site. - During 16.05-20.05.2012 I've wrote five advisories via contact form at IBM site. - At 31.05.2012 I've resend five advisories to IBM PSIRT, which they received and said they would send them to the developers (of Lotus products). - At 15.08.2012 IBM released their advisory (above-mentioned) - just few from total amount of holes. - At 12.12.2012 after IBM fixed part of the holes, which I sent them in May, I sent them new vulnerabilities in Lotus Domino. - At 15.12.2012 remind IBM about last holes. No answer. - At 02.03.2013 again remind IBM about last holes - since more then 2,5 months there was no answer from them. - At 08.03.2013 IBM answered, holes will be fixed in Domino 9.0. - At 25.03.2013 I've disclosed these vulnerabilities at my site (http://websecurity.com.ua/6390/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua # 0day.today [2024-09-12] #