Vigil@nce: IBM Lotus Domino, two HTTP Response Splitting
September 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use two vulnerabilities of IBM Lotus Domino to
alter HTTP responses, for example in order to obtain information.
– Severity: 2/4
– Creation date: 20/08/2012
IMPACTED PRODUCTS
– Lotus Domino
DESCRIPTION OF THE VULNERABILITY
Two HTTP Response Splitting vulnerabilities were announced in the
HTTP service of IBM Lotus Domino.
– If the victim uses a version of Mozilla Firefox prior to 3.0.9,
an attacker can invite the victim to click on a link, in order to
obtain HTTP fragments. [severity:1/4]
– An attacker can invite the victim to click on a link, in order
to obtain HTTP fragments. [severity:2/4]
An attacker can therefore use two vulnerabilities of IBM Lotus
Domino to alter HTTP responses, for example in order to obtain
information.
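As an added example (not part of the Vigil@nce bulletin, and not based on the actual Domino request details, which the bulletin does not give), the following Python code shows how a defender can search web access logs for the link-based vector described above: request URLs carrying percent-encoded CR/LF, including double-encoded forms. The Common Log Format, the sample log lines and the names crlf_depth and scan are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

MAX_ROUNDS = 3  # decode repeatedly so double encoding (%250d%250a) is caught
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # request field, Common Log Format

# Constructed sample lines (not taken from a real Domino server).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2012:10:00:01 +0000] "GET /index.html?lang=en HTTP/1.1" 200 512',
    '192.0.2.11 - - [20/Aug/2012:10:00:07 +0000] "GET /go?to=home%0d%0aX-Test:%201 HTTP/1.1" 302 0',
    '192.0.2.12 - - [20/Aug/2012:10:00:09 +0000] "GET /go?to=home%250D%250AX-Test:%201 HTTP/1.1" 302 0',
    '192.0.2.13 - - [20/Aug/2012:10:00:12 +0000] "GET /search?q=100%25+safe HTTP/1.1" 200 900',
]


def crlf_depth(target):
    """Return how many percent-decoding rounds expose CR or LF (0 if none)."""
    current = target
    for depth in range(1, MAX_ROUNDS + 1):
        decoded = unquote(current, encoding="latin-1")
        if decoded == current:  # nothing left to decode
            return 0
        if "\r" in decoded or "\n" in decoded:
            return depth
        current = decoded
    return 0


def scan(lines):
    """Return (line number, decode depth) for each request whose URL hides CR/LF."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            depth = crlf_depth(match.group(1))
            if depth:
                hits.append((number, depth))
    return hits


if __name__ == "__main__":
    for number, depth in scan(SAMPLE_LOG):
        print(f"line {number}: CR/LF in URL after {depth} decoding round(s)")
```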
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-Lotus-Domino-two-HTTP-Response-Splitting-11869