Unrated severityNVD Advisory· Published Jan 25, 2010· Updated Apr 29, 2026

CVE-2008-7253

Description

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

Affected products

IBM/Lotus Domino Server4 versions
cpe:2.3:a:ibm:lotus_domino_server:6.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:ibm:lotus_domino_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino_server:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino_server:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/867593nvdUS Government Resource
www-01.ibm.com/support/docview.wssnvd
www.kb.cert.org/vuls/id/AAMN-5K42VNnvd
www.kb.cert.org/vuls/id/AAMN-5K42VTnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000