Lotus Domino flaws fixed

IBM has issued fixes for two flaws in its Lotus Domino product line, the vendor said last week.

By Administrator, published April 5, 2007

The vulnerabilities were a cross-site scripting flaw, affecting IBM Lotus Domino Web Access, and a heap overflow vulnerability related to IBM Lotus Domino Server Software.

Both flaws were reported by security intelligence firm iDefense Labs.

The firm said that the cross-site scripting vulnerability occurred due to improper HTML filtering of e-mail message contents. "Although Web Access attempts to filter out HTML and script code, certain code sequences will bypass the filters and successfully execute JavaScript," it said.

In an advisory, IBM said that users needed to activate the Active Content Filter feature in order to avoid an attack.

The second vulnerability - the heap overflow - was created as the result of a malformed request to the directory service of Lotus Domino Enterprise Server.
