IBM Domino Web Administrator Multiple Vulnerabilities

medium Nessus Plugin ID 71177

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

The remote IBM Domino web server includes IBM Domino Web Administrator (webadmin.nsf) and is affected by multiple vulnerabilities:

- An authenticated user can exploit an unspecified cross-site request forgery (CSRF) vulnerability by enticing a user to follow a specially crafted URL.
(CVE-2013-4050)

- An unspecified cross-site scripting vulnerability exists that can be exploited by an authenticated user.
(CVE-2013-4051)

- An unspecified cross-site scripting vulnerability exists that can be exploited by an authenticated user.
(CVE-2013-4055)

Note that only versions 8.5.x and 9.0.x of IBM Domino are affected by these issues.

Further note that Nessus has not tested for the vulnerabilities directly but has instead checked to see if the Domino Web Administrator (webadmin.nsf) is accessible.

Solution

Domino Web Administrator has been deprecated. Refer to the vendor-supplied URL for remediation recommendations.

See Also

http://www.nessus.org/u?12d94515

http://www-01.ibm.com/support/docview.wss?uid=swg21652988

Plugin Details

Severity: Medium

ID: 71177

File Name: domino_http_webadmin_mult_vulns.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 12/3/2013

Updated: 4/11/2022

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 5.4

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: E:POC/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:lotus_domino

Required KB Items: www/domino

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 11/5/2013

Reference Information

CVE: CVE-2013-4050, CVE-2013-4051, CVE-2013-4055

BID: 63576, 63577, 63578

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990