Computer Security


Invalid Lotus Domino Web Access session cookie handling
Published: 12.09.2006
Source:
SecurityVulns ID: 6601
Type: remote
Threat Level: 4/10
Description: Server accepts session cookie after user logout.
Affected: IBM: Lotus Domino Web Access 7.0
CVE: CVE-2007-1740 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4843. Reason: This candidate is a duplicate of CVE-2006-4843. Notes: All CVE users should reference CVE-2006-4843 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.)
Original document: Ferguson, David, [Full-disclosure] Session Token Remains Valid After Logout in IBM Lotus Domino Web Access (12.09.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod