IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote server is affected by multiple vulnerabilities.

Description :

According to its banner, the version of IBM Domino (formerly IBM Lotus
Domino) on the remote host is 9.x earlier than 9.0.1. It is, therefore,
affected by the following vulnerabilities :

- The bundled IBM Java SDK includes a version of the
IBM JRE that is affected by numerous security
issues. (CVE-2013-0809, CVE-2013-1493, CVE-2013-2436,
CVE-2013-2455, CVE-2013-3006, CVE-2013-3007,
CVE-2013-3008, CVE-2013-3009, CVE-2013-3010,
CVE-2013-3011, CVE-2013-3012)

- An input validation error exists related to handling
content in email messages that could allow cross-site
scripting attacks. (CVE-2013-4063)

- An input validation error exists related to iNotes when
running in 'ultra-light' mode that could allow cross-
site scripting attacks. (CVE-2013-4064)

- An input validation error exists related to handling
content in email messages and iNotes when running in
'ultra-light' mode that could allow cross-site
scripting attacks. (CVE-2013-4065)

- Note that fixes in the Oracle Java CPUs for February,
April and June 2013 are included in the fixed IBM Java
release, which is included in the fixed IBM Domino
release. (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342,
CVE-2013-0351, CVE-2013-0401, CVE-2013-0402,
CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,
CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,
CVE-2013-0427, CVE-2013-0428, CVE-2013-0429,
CVE-2013-0430, CVE-2013-0431, CVE-2013-0432,
CVE-2013-0433, CVE-2013-0434, CVE-2013-0435,
CVE-2013-0437, CVE-2013-0438, CVE-2013-0440,
CVE-2013-0441, CVE-2013-0442, CVE-2013-0443,
CVE-2013-0444, CVE-2013-0445, CVE-2013-0446,
CVE-2013-0448, CVE-2013-0449, CVE-2013-0450,
CVE-2013-1473, CVE-2013-1475, CVE-2013-1476,
CVE-2013-1478, CVE-2013-1479, CVE-2013-1480,
CVE-2013-1481, CVE-2013-1488, CVE-2013-1489,
CVE-2013-1491, CVE-2013-1500, CVE-2013-1518,
CVE-2013-1537, CVE-2013-1540, CVE-2013-1557,
CVE-2013-1558, CVE-2013-1561, CVE-2013-1563,
CVE-2013-1564, CVE-2013-1569, CVE-2013-1571,
CVE-2013-2383, CVE-2013-2384, CVE-2013-2394,
CVE-2013-2400, CVE-2013-2407, CVE-2013-2412,
CVE-2013-2414, CVE-2013-2415, CVE-2013-2416,
CVE-2013-2417, CVE-2013-2418, CVE-2013-2419,
CVE-2013-2420, CVE-2013-2421, CVE-2013-2422,
CVE-2013-2423, CVE-2013-2424, CVE-2013-2425,
CVE-2013-2426, CVE-2013-2427, CVE-2013-2428,
CVE-2013-2429, CVE-2013-2430, CVE-2013-2431,
CVE-2013-2432, CVE-2013-2433, CVE-2013-2434,
CVE-2013-2435, CVE-2013-2437, CVE-2013-2438,
CVE-2013-2439, CVE-2013-2440, CVE-2013-2442,
CVE-2013-2443, CVE-2013-2444, CVE-2013-2445,
CVE-2013-2446, CVE-2013-2447, CVE-2013-2448,
CVE-2013-2449, CVE-2013-2450, CVE-2013-2451,
CVE-2013-2452, CVE-2013-2453, CVE-2013-2454,
CVE-2013-2456, CVE-2013-2457, CVE-2013-2458,
CVE-2013-2459, CVE-2013-2460, CVE-2013-2461,
CVE-2013-2462, CVE-2013-2463, CVE-2013-2464,
CVE-2013-2465, CVE-2013-2466, CVE-2013-2467,
CVE-2013-2468, CVE-2013-2469, CVE-2013-2470,
CVE-2013-2471, CVE-2013-2472, CVE-2013-2473,
CVE-2013-3743, CVE-2013-3744, CVE-2013-4002)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg27010592#ver901
http://www.nessus.org/u?fabb9d8f
https://www-304.ibm.com/support/docview.wss?uid=swg21644918

Solution :

Upgrade to IBM Domino 9.0.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 71859

