Dennis' Domino Blog

Category: security

Disabling HTTP methods

Permalink 08/30/13 08:49, by Dennis van Remortel, Categories: Administration, IBM, Lotus, security
Those of you involved in security scans probably know that they complain about the TRACE and OPTIONS methods. You can disable those quite easily in your Internet site documents, but some products (Traveler, Sametime) don't officially support… more »

IBM Lotus Notes Traveler Open-Redirection and Cross Site Scripting Vulnerabilities

Permalink 10/05/12 11:13, by Dennis van Remortel, Categories: Administration, IBM, security, Traveler
IBM Lotus Notes Traveler is prone to open-redirection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code, steal coo… more »

IBM Lotus Domino RPC Operation Denial of Service Vulnerability

Permalink 01/03/12 08:30, by Dennis van Remortel, Categories: Administration, IBM, Lotus, security
According to the IBM page about this: "If an attacker can monitor and record all communications between a Notes client and a Domino server then it is possible to crash the Domino server by modifying a specific packet, in a specific way, during a specifi… more »

IBM Lotus Domino Remote Console Authentication Bypass Vulnerability

Permalink 12/01/11 08:22, by Dennis van Remortel, Categories: Administration, IBM, security
Via SecurityFocus: Bugtraq ID: 46985 Class: Unknown CVE: CVE-2011-1519 Remote: Yes… more »

Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192) -> IBM HTTP Server too!

Permalink 08/25/11 10:18, by Dennis van Remortel, Categories: Administration, IBM, Websphere, security, Sametime
Go read this, and apply the fixes. Your IBM HTTP server with the Websphere servers is just a rebranded Apache. Example: D:\IBM\bin>Apache.exe -v Server version: IBM_HTTP_Server/6.0.2.29 Apache/2.0.47 Excerpt below: Apach… more »

Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

Permalink 08/12/11 08:38, by Dennis van Remortel, Categories: IBM, Lotus, security, Blackberry
From the BlackBerry site. I've posted an excerpt below: Overview Vulnerabilities exist in components of the BlackBerry Enterprise Server that process PNG and TIFF images for rendering on the BlackBerry smartphone. The BlackBerry® Mobile Data Sys… more »

IBM Lotus Domino iCalendar Meeting Request Parsing Remote Stack Buffer Overflow Vulnerability

Permalink 07/20/11 14:19, by Dennis van Remortel, Categories: Administration, IBM, Lotus, security
The solution in short: Upgrade to the latest version asap if you use iNotes outward facing. Some issues are fixed in 8.5.3, so beware until then. Bugtraq ID: 46232 Class: Input Validation Error CVE: CVE-2011-0915 Remote: Yes Local: No… more »

IBM WebSphere Application Server JAX-RPC WS-Security/JAX-WS Runtime Security Bypass Vulnerability

Permalink 06/17/11 20:16, by Dennis van Remortel, Categories: IBM, Websphere, security
I just saw this in my RSS feeds: Bugtraq ID: 40322 Class: Design Error CVE: CVE-2010-0774 Remote: Yes Local: No Published: May 11 2010 12:00AM Updated: Jun 17 2011 04:00PM Credit: IBM Vulnerable: IBM Websphere Application Ser… more »

Security enhancements in iNotes 8.5.2 may require configuration changes in environments with reverse proxies

Permalink 06/17/11 10:27, by Dennis van Remortel, Categories: Administration, IBM, Lotus, security, Netscaler
I was playing with the application firewall in the Citrix NetScaler and found a cookie I had never seen before getting blocked. Some quick googling gave me this Technote swg21453878. Please read it if you are using firewall/reverse proxy products in… more »

IBM Tivoli Directory Server Multiple Security Vulnerabilities

Permalink 04/13/11 21:05, by Dennis van Remortel, Categories: Administration, IBM, security
All info can be found here. IBM Tivoli Directory Server Multiple Security Vulnerabilities IBM Tivoli Directory Server is prone to a stack-based buffer-overflow and an information-disclosure vulnerability. Attackers can exploit these issues to execute… more »


Yet another Domino/Websphere Admin blog.

About me:
Lotus Notes/Domino Admin
Websphere Commerce Admin
sceptic
critic



©2014 by Dennis van Remortel
