CVE-2008-7253

N/A Unknown
Published: January 25, 2010 Modified: April 29, 2026
View on NVD

Description

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www-01.ibm.com/support/docview.wss?&uid=swg21201202
Source: cve@mitre.org
http://www.kb.cert.org/vuls/id/867593
Source: cve@mitre.org
US Government Resource
http://www.kb.cert.org/vuls/id/AAMN-5K42VN
Source: cve@mitre.org
http://www.kb.cert.org/vuls/id/AAMN-5K42VT
Source: cve@mitre.org
http://www-01.ibm.com/support/docview.wss?&uid=swg21201202
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/867593
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.kb.cert.org/vuls/id/AAMN-5K42VN
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/AAMN-5K42VT
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.5%
81th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-16

Affected Vendors

ibm

Related CVEs

CVE-2026-40137 6.1
CVE-2026-40136 4.3
CVE-2026-40135 6.5
CVE-2026-40134 4.3
CVE-2026-40133 6.3