Dennis' Domino Blog

Category: "security"

Disabling HTTP methods

  08/30/13 08:49, by dennisvr, Categories: Administration, IBM, Lotus, security
If you are involved in security scans, you probably know that they complain about the TRACE and OPTIONS methods. You can disable those quite easily in your Internet site documents, but some products (Traveler, Sametime) don't officially support… more »

IBM Lotus Notes Traveler Open-Redirection and Cross Site Scripting Vulnerabilities

  10/05/12 11:13, by dennisvr, Categories: Administration, IBM, security, Traveler
IBM Lotus Notes Traveler is prone to open-redirection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code, steal… more »

IBM Lotus Domino RPC Operation Denial of Service Vulnerability

  01/03/12 08:30, by dennisvr, Categories: Administration, IBM, Lotus, security
According to the IBM page about this: "If an attacker can monitor and record all communications between a Notes client and a Domino server then it is possible to crash the Domino server by modifying a specific packet, in a specific way, during a… more »

IBM Lotus Domino Remote Console Authentication Bypass Vulnerability

  12/01/11 08:22, by dennisvr, Categories: Administration, IBM, security
Via SecurityFocus: Bugtraq ID: 46985 Class: Unknown CVE: CVE-2011-1519 Remote: Yes… more »

Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192) -> IBM HTTP Server too!

  08/25/11 10:18, by dennisvr, Categories: Administration, IBM, Websphere, security, Sametime
Go read this, and apply the fixes. Your IBM HTTP server with the Websphere servers is just a rebranded Apache. Example: D:\IBM\bin>Apache.exe -v Server version: IBM_HTTP_Server/6.0.2.29 Apache/2.0.47 Excerpt below: Apach… more »

Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

  08/12/11 08:38, by dennisvr, Categories: IBM, Lotus, security, Blackberry
From the blackberry site. I've posted an excerpt below: Overview Vulnerabilities exist in components of the BlackBerry Enterprise Server that process PNG and TIFF images for rendering on the BlackBerry smartphone. The BlackBerry® Mobile Data… more »

IBM Lotus Domino iCalendar Meeting Request Parsing Remote Stack Buffer Overflow Vulnerability

  07/20/11 14:19, by dennisvr, Categories: Administration, IBM, Lotus, security
The solution in short: Upgrade to the latest version asap if you use iNotes outward facing. Some issues are fixed in 8.5.3, so beware until then. Bugtraq ID: 46232 Class: Input Validation Error CVE: CVE-2011-0915 Remote: Yes Local: No… more »

IBM WebSphere Application Server JAX-RPC WS-Security/JAX-WS Runtime Security Bypass Vulnerability

  06/17/11 20:16, by dennisvr, Categories: IBM, Websphere, security
I just saw this in my RSS feeds: Bugtraq ID: 40322 Class: Design Error CVE: CVE-2010-0774 Remote: Yes Local: No Published: May 11 2010 12:00AM Updated: Jun 17 2011 04:00PM Credit: IBM Vulnerable: IBM Websphere Application… more »

Security enhancements in iNotes 8.5.2 may require configuration changes in environments with reverse proxies

  06/17/11 10:27, by dennisvr, Categories: Administration, IBM, Lotus, security, Netscaler
I was playing with the application firewall in the Citrix NetScaler and I found a cookie I had never seen before getting blocked. Some quick googling gave me this Technote swg21453878. Please read it if you are using firewall/reverse proxy products in… more »

IBM Tivoli Directory Server Multiple Security Vulnerabilities

  04/13/11 21:05, by dennisvr, Categories: Administration, IBM, security
All info can be found here. IBM Tivoli Directory Server Multiple Security Vulnerabilities: IBM Tivoli Directory Server is prone to a stack-based buffer-overflow and an information-disclosure vulnerability. Attackers can exploit these issues to execute… more »


Yet another Domino/Websphere Admin blog.

About me:
Lotus Notes/Domino Admin
Websphere Commerce Admin
sceptic
critic



 

©2014 by Dennis van Remortel
