CVE-2008-7253

critical

Description

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

References

http://www.kb.cert.org/vuls/id/AAMN-5K42VT

http://www.kb.cert.org/vuls/id/AAMN-5K42VN

http://www.kb.cert.org/vuls/id/867593

http://www-01.ibm.com/support/docview.wss?&uid=swg21201202

Details

Source: Mitre, NVD

Published: 2010-01-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00408