Signature Detail
Short Name |
SMTP:IBM-LOTUS-NOTES-XSS |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
SMTP |
Keywords |
IBM Lotus Notes Cross Site Scripting |
Release Date |
2011/08/15 |
Update Number |
1973 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: IBM Lotus Notes Cross Site Scripting
This signature detects attempts to exploit a known vulnerability against IBM Lotus Domino Web Access (DWA) and Lotus Notes. It is due to insufficient handling while displaying an HTML formatted email. A successful attack can lead to arbitrary script code execution within the context of the affected application.
Extended Description
IBM Lotus Notes email client is prone to an input validation vulnerability. Reports indicate that HTML and JavaScript attached to received email messages is executed automatically when the email message is viewed. Specifically, users accessing standard Notes mail templates through a Web mail client are affected. This vulnerability may be leveraged by a remote attacker to automatically execute arbitrary script code in the context of a target user.
Affected Products
- IBM Lotus Domino 5.0.13
- IBM Lotus Domino 6.0.5
- IBM Lotus Domino 6.5.4
- IBM Lotus Domino Enterprise Server 5.0.13
- IBM Lotus Domino Enterprise Server 6.0.5
- IBM Lotus Domino Enterprise Server 6.5.4
- IBM Lotus Notes 5.0.12
- IBM Lotus Notes 5.0.3
- IBM Lotus Notes 6.0.0
- IBM Lotus Notes 6.0.1
- IBM Lotus Notes 6.0.2
- IBM Lotus Notes 6.0.3
- IBM Lotus Notes 6.0.4
- IBM Lotus Notes 6.0.5
- IBM Lotus Notes 6.5.0
- IBM Lotus Notes 6.5.1
- IBM Lotus Notes 6.5.2
- IBM Lotus Notes 6.5.3
- IBM Lotus Notes 6.5.4
References
- BugTraq: 14164
- CVE: CVE-2005-2175