Full Disclosure mailing list archives

By Date By Thread IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981) From: "MustLive" <mustlive () websecurity com ua>

Date: Fri, 19 Jun 2015 15:27:49 +0300

Hello list! Earlier I wrote about XSS vulnerability in IBM Domino (http://seclists.org/fulldisclosure/2015/May/128). I informed IBM in May about it and at 17.06.2015 they fixed it and released security bulletin. Security Bulletin: IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981) http://www-01.ibm.com/support/docview.wss?uid=swg21959908. CVE ID: CVE-2015-1981. ------------------------- Affected products: ------------------------- Vulnerable are the next products and versions: IBM Domino 9.0.1 Fix Pack 3 (plus Interim Fixes) and earlier IBM Domino 8.5.3 Fix Pack 6 (plus Interim Fixes) and earlier All 9.0 and 8.5.x releases of IBM Domino prior to those listed above ------------------------- Remediation/Fixes: ------------------------- IBM proposed fix for the last version of Domino and workarounds and mitigations for previous versions of Domino. Remediation (workarounds see in the bulletin): A fix for this issue, tracked as SPR# KLYH9WYPR5, is introduced in IBM Domino 9.0.1 Fix Pack 4. Customers running earlier 9.0.x or 8.5.x streams may either use the workaround listed in bulletin or contact IBM Support to inquire about the possibility of obtaining a hotfix for your environment. Best wishes & regards, Eugene Dokukin aka MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ By Date By Thread Current thread: IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981) MustLive (Jun 19)