Invalid Lotus Domino Web access sesssion cookie handling

[EN] securityvulns.ru
no-pyccku

Invalid Lotus Domino Web access sesssion cookie handling
Published: 12.09.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 6601
Type: remote
Level: 4/10
Description: Server accepts session cookie after user logout.

Affected: IBM : Lotus Domino Web Access 7.0
CVE: CVE-2007-1740 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4843. Reason: This candidate is a duplicate of CVE-2006-4843. Notes: All CVE users should reference CVE-2006-4843 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.)

Original document Ferguson, David, [Full-disclosure] Session Token Remains Valid After Logout in IBM Lotus Domino Web Access (12.09.2006)

Discuss: Read or add your comments to this news (0 comments)