Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2001-09-19 |
| Product | Lotus Domino | Last view | 2014-08-11 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2014-08-11 | CVE-2014-3086 | Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager. |
| 4.3 | 2014-05-08 | CVE-2014-0913 | Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE. |
| 5 | 2014-04-23 | CVE-2014-0892 | IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W. |
| 7.8 | 2014-02-06 | CVE-2014-0822 | The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z. |
| 2.6 | 2013-12-21 | CVE-2013-4065 | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP. |
| 2.1 | 2013-12-21 | CVE-2013-4064 | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA. |
| 4.3 | 2013-12-21 | CVE-2013-4063 | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP. |
| 3.5 | 2013-11-07 | CVE-2013-4055 | Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051. |
| 3.5 | 2013-11-07 | CVE-2013-4051 | Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4055. |
| 6 | 2013-11-07 | CVE-2013-4050 | Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. |
| 4.3 | 2013-10-22 | CVE-2013-5389 | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X. |
| 4.3 | 2013-10-22 | CVE-2013-5388 | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F. |
| 7.1 | 2013-09-20 | CVE-2013-4068 | Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8. |
| 4.3 | 2013-08-26 | CVE-2013-0595 | Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3. |
| 3.5 | 2013-08-26 | CVE-2013-0591 | Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0590. |
| 3.5 | 2013-08-26 | CVE-2013-0590 | Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0591. |
| 4.3 | 2013-08-09 | CVE-2013-3990 | Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2. |
| 4.3 | 2013-08-09 | CVE-2013-3032 | Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA. |
| 9.3 | 2013-08-09 | CVE-2013-3027 | Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW. |
| 6 | 2013-03-27 | CVE-2013-0489 | Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators. |
| 4.3 | 2013-03-27 | CVE-2013-0488 | Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 8.5 | 2013-03-27 | CVE-2013-0487 | The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. |
| 4.3 | 2013-03-27 | CVE-2013-0486 | Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY. |
| 4.3 | 2013-02-27 | CVE-2012-4844 | Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 5.8 | 2013-02-27 | CVE-2012-4842 | Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 41% (19) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 26% (12) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 8% (4) | CWE-287 | Improper Authentication |
| 4% (2) | CWE-399 | Resource Management Errors |
| 4% (2) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 4% (2) | CWE-200 | Information Exposure |
| 4% (2) | CWE-189 | Numeric Errors |
| 2% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 2% (1) | CWE-310 | Cryptographic Issues |
| 2% (1) | CWE-20 | Improper Input Validation |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
| CAPEC-17 | Accessing, Modifying or Executing Executable Files |
| CAPEC-21 | Exploitation of Session Variables, Resource IDs and other Trusted Credentials |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-60 | Reusing Session IDs (aka Session Replay) |
| CAPEC-61 | Session Fixation |
| CAPEC-62 | Cross Site Request Forgery (aka Session Riding) |
| CAPEC-122 | Exploitation of Authorization |
| CAPEC-167 | Lifting Sensitive Data from the Client |
| CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
| CAPEC-232 | Exploitation of Privilege/Trust |
| CAPEC-234 | Hijacking a privileged process |
SAINT Exploits
| Description | Link |
|---|---|
| Lotus Domino IMAP mailbox name buffer overflow | More info here |
| Lotus Domino nrouter.exe iCalendar MAILTO buffer overflow | More info here |
| Lotus Domino IMAP CRAM-MD5 authentication buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 77990 | IBM Lotus Domino Notes RPC Authentication Operation Packet Parsing Remote DoS |
| 75576 | IBM Lotus Domino WebAdmin.nsf PanelIcon Parameter fmpgPanelHeader ReadForm Ac... |
| 75575 | IBM Lotus Domino Nnotes.dll NSFComputeEvaluateExt Function tHPRAgentName Para... |
| 72565 | IBM Lotus Domino Remote Console UNC Pathname Unspecified Authentication Bypass |
| 72559 | IBM Lotus Domino NRouter Service Calendar Request Attachment Name Parsing Rem... |
| 72558 | IBM Lotus Domino IMAP/POP3 mail from Command Non-Printable Character Expansio... |
| 72557 | IBM Lotus Domino nLDAP.exe LDAP Bind Request Remote Code Execution |
| 72162 | IBM Lotus Domino ndiiop.exe GIOP getEnvironmentString Request Overflow |
| 72161 | IBM Lotus Domino ndiiop.exe GIOP Client Request Overflow |
| 72160 | IBM Lotus Domino nrouter.exe Content-Type Header name Parameter Overflow |
| 71681 | IBM Lotus Domino Server_Console_Password Weakness Authentication Bypass Remot... |
| 70851 | IBM Lotus Domino SMTP Service Filename Parameter Unspecified Overflow |
| 68040 | IBM Lotus Domino nnotes.dll MailCheck821Address Function iCalendar Email Addr... |
| 62794 | IBM Lotus Domino Help Component help/readme.nsf/Header BaseTarget Parameter XSS |
| 61862 | IBM Lotus Domino LDAP Message Handling Overflow DoS |
| 61647 | IBM Lotus Domino iNotes "Try Lotus iNotes anyway" Link Navigation U... |
| 60019 | IBM Lotus Domino Web Server HTTP Error Message Account Enumeration |
| 57866 | IBM Lotus Domino Server nserver.exe Unspecified DoS |
| 57619 | IBM Lotus Domino webadmin.nsf Directory Creation Command Arbitrary Directory ... |
| 53479 | IBM Lotus Domino IMAP Server RFC822 Attachment Handling DoS |
| 45415 | IBM Lotus Domino Web Server Accept-Language HTTP Header Remote Overflow |
| 40953 | IBM Lotus Domino IMAP Service Mailbox Name Overflow |
| 40952 | IBM Lotus Domino Certificate Authority (CA) Local Cleartext Password Disclosure |
| 40951 | IBM Lotus Domino Evaluate LotusScript Method @ Formula Command Remote Privile... |
| 40948 | IBM Lotus Notes / Domino IPC Shared Memory Permission Weakness Local Privileg... |
ExploitDB Exploits
| id | Description |
|---|---|
| 18179 | IBM Lotus Domino Server Controller Authentication Bypass Vulnerability |
| 3302 | Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-12-29 | Name : IBM Lotus Domino Notes RPC Authentication Processing Denial of Service Vulner... File : nvt/secpod_ibm_lotus_domino_rpc_auth_dos_vuln.nasl |
| 2011-09-23 | Name : IBM Lotus Domino Cross Site Scripting and Buffer Overflow Vulnerabilities File : nvt/secpod_ibm_lotus_domino_xss_n_bof_vuln.nasl |
| 2011-05-09 | Name : IBM Lotus Domino Cookie File Authentication Bypass Vulnerability File : nvt/secpod_ibm_lotus_domino_auth_bypass_vuln.nasl |
| 2011-05-09 | Name : IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability File : nvt/secpod_ibm_lotus_domino_ldap_code_exec_vuln.nasl |
| 2011-05-09 | Name : IBM Lotus Domino Multiple Remote Buffer Overflow Vulnerabilities File : nvt/secpod_ibm_lotus_domino_mult_bof_vuln.nasl |
| 2011-05-09 | Name : IBM Lotus Domino Multiple Remote Buffer Overflow Vulnerabilities File : nvt/secpod_ibm_lotus_domino_mult_vuln.nasl |
| 2010-09-29 | Name : IBM Lotus Domino iCalendar Remote Stack Buffer Overflow Vulnerability File : nvt/secpod_ibm_lotus_domino_stack_bof.nasl |
| 2006-03-26 | Name : Lotus Domino LDAP Server Denial of Service Vulnerability File : nvt/lotus_domino_ldap_dos.nasl |
| 2006-03-26 | Name : Lotus Domino Src and BaseTarget XSS File : nvt/lotus_domino_xss.nasl |
| 2005-11-03 | Name : Authentication bypassing in Lotus Domino File : nvt/domino_authentication_bypass.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | subscribe directory traversal attempt RuleID : 5702 - Type : PROTOCOL-IMAP - Revision : 10 |
| 2019-05-21 | IBM iNotes version 9 ActiveX clsid access RuleID : 49878 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2019-05-21 | IBM iNotes version 9 ActiveX clsid access RuleID : 49877 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2019-05-21 | IBM iNotes version 9 ActiveX clsid access RuleID : 49876 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2019-05-21 | IBM iNotes version 9 ActiveX clsid access RuleID : 49875 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2019-05-21 | IBM iNotes version 9 ActiveX clsid access RuleID : 49874 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2019-05-21 | IBM iNotes version 9 ActiveX clsid access RuleID : 49873 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2018-02-06 | IBM Java invokeWithPrivilege method call attempt RuleID : 45351 - Type : FILE-JAVA - Revision : 2 |
| 2018-02-06 | IBM Java invokeWithClassLoaders method call attempt RuleID : 45350 - Type : FILE-JAVA - Revision : 2 |
| 2018-02-06 | IBM Java invokeWithPrivilege method call attempt RuleID : 45349 - Type : FILE-JAVA - Revision : 2 |
| 2018-02-06 | IBM Java invokeWithClassLoaders method call attempt RuleID : 45348 - Type : FILE-JAVA - Revision : 2 |
| 2017-07-04 | IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt RuleID : 43068 - Type : SERVER-OTHER - Revision : 3 |
| 2017-07-04 | IMAP CRAM-MD5 authentication attempt RuleID : 43067 - Type : PROTOCOL-IMAP - Revision : 3 |
| 2014-11-16 | IBM iNotes version 9 ActiveX clsid access RuleID : 31336 - Type : BROWSER-PLUGINS - Revision : 3 |
| 2014-11-16 | IBM iNotes version 9 ActiveX clsid access RuleID : 31335 - Type : BROWSER-PLUGINS - Revision : 3 |
| 2014-11-16 | IBM iNotes version 8.5 ActiveX clsid access RuleID : 31334 - Type : BROWSER-PLUGINS - Revision : 3 |
| 2014-11-16 | IBM iNotes version 8.5 ActiveX clsid access RuleID : 31333 - Type : BROWSER-PLUGINS - Revision : 3 |
| 2014-01-10 | SUBSCRIBE overflow attempt RuleID : 3074-community - Type : PROTOCOL-IMAP - Revision : 19 |
| 2014-01-10 | SUBSCRIBE overflow attempt RuleID : 3074 - Type : PROTOCOL-IMAP - Revision : 19 |
| 2014-01-10 | SUBSCRIBE literal overflow attempt RuleID : 3073-community - Type : PROTOCOL-IMAP - Revision : 17 |
| 2014-01-10 | SUBSCRIBE literal overflow attempt RuleID : 3073 - Type : PROTOCOL-IMAP - Revision : 17 |
| 2014-04-05 | IBM Lotus Domino stack buffer overflow attempt RuleID : 30031 - Type : SERVER-WEBAPP - Revision : 4 |
| 2014-01-10 | IBM Lotus Domino webadmin.nsf directory traversal attempt RuleID : 23480 - Type : SERVER-WEBAPP - Revision : 7 |
| 2014-01-10 | IBM Lotus Domino cross site scripting attempt RuleID : 23434 - Type : SERVER-WEBAPP - Revision : 5 |
| 2014-01-10 | IBM Lotus Domino cross site scripting attempt RuleID : 23433 - Type : SERVER-WEBAPP - Revision : 5 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2015-02-25 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-0264.nasl - Type: ACT_GATHER_INFO |
| 2014-11-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2013-1456.nasl - Type: ACT_GATHER_INFO |
| 2014-11-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2013-1455.nasl - Type: ACT_GATHER_INFO |
| 2014-08-22 | Name: The remote AIX host has a version of Java SDK installed that is affected by m... File: aix_java_jul2014_advisory.nasl - Type: ACT_GATHER_INFO |
| 2014-08-12 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2014-1042.nasl - Type: ACT_GATHER_INFO |
| 2014-08-12 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2014-1041.nasl - Type: ACT_GATHER_INFO |
| 2014-08-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2014-1033.nasl - Type: ACT_GATHER_INFO |
| 2014-08-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2014-1036.nasl - Type: ACT_GATHER_INFO |
| 2014-05-28 | Name: The remote host has software installed that is affected a buffer overflow vul... File: lotus_domino_9_0_0_if4.nasl - Type: ACT_GATHER_INFO |
| 2014-05-28 | Name: The remote server is affected by a buffer overflow vulnerability. File: domino_8_5_3fp5_if1.nasl - Type: ACT_GATHER_INFO |
| 2014-05-28 | Name: The remote server is affected by a buffer overflow vulnerability. File: domino_9_0_0_if4.nasl - Type: ACT_GATHER_INFO |
| 2014-05-28 | Name: The remote host has software installed that is affected a buffer overflow vul... File: lotus_domino_8_5_3_fp5_if1.nasl - Type: ACT_GATHER_INFO |
| 2014-05-19 | Name: The remote server is affected by a cross-site scripting vulnerability. File: domino_inotes_xss.nasl - Type: ACT_GATHER_INFO |
| 2014-05-19 | Name: The remote host has software installed that is affected by a cross-site scrip... File: lotus_domino_inotes_xss.nasl - Type: ACT_GATHER_INFO |
| 2014-05-12 | Name: The remote server is affected by multiple vulnerabilities. File: domino_9_0_1_fp1.nasl - Type: ACT_GATHER_INFO |
| 2014-05-12 | Name: The remote server is affected by a buffer overflow vulnerability. File: domino_8_5_3fp6_if2.nasl - Type: ACT_GATHER_INFO |
| 2014-05-12 | Name: The remote host has software installed that is affected by multiple vulnerabi... File: lotus_domino_9_0_1_fp1.nasl - Type: ACT_GATHER_INFO |
| 2014-05-12 | Name: The remote host has software installed that is affected by multiple vulnerabi... File: lotus_notes_9_0_1_fp1.nasl - Type: ACT_GATHER_INFO |
| 2014-03-04 | Name: The remote server is affected by a denial of service vulnerability. File: domino_9_0_1_if2.nasl - Type: ACT_GATHER_INFO |
| 2014-01-08 | Name: The remote server is affected by multiple vulnerabilities. File: domino_9_0_1.nasl - Type: ACT_GATHER_INFO |
| 2014-01-08 | Name: The remote host has software installed that is affected by multiple vulnerabi... File: lotus_domino_9_0_1.nasl - Type: ACT_GATHER_INFO |
| 2014-01-08 | Name: The remote host has software installed that is affected by multiple cross-sit... File: lotus_domino_8_5_3_fp6.nasl - Type: ACT_GATHER_INFO |
| 2014-01-08 | Name: The remote server is affected by multiple cross-site scripting vulnerabilities. File: domino_8_5_3fp6.nasl - Type: ACT_GATHER_INFO |
| 2013-12-03 | Name: The remote web server is affected by multiple vulnerabilities. File: domino_http_webadmin_mult_vulns.nasl - Type: ACT_GATHER_INFO |
| 2013-07-05 | Name: The remote web server is affected by multiple vulnerabilities. File: domino_8_5_3fp4.nasl - Type: ACT_GATHER_INFO |
