Category: security
IBM Lotus Domino RPC Operation Denial of Service Vulnerability
According to the IBM page about this: "If an attacker can monitor and record all communications between a Notes client and a Domino server then it is possible to crash the Domino server by modifying a specific packet, in a specific way, during a specifi… more »
IBM Lotus Domino Remote Console Authentication Bypass Vulnerability
Via SecurityFocus:
Bugtraq ID: 46985
Class: Unknown
CVE: CVE-2011-1519
Remote: Yes… more »
Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192) -> IBM HTTP Server too!
Go read this, and apply the fixes. Your IBM HTTP Server with the WebSphere servers is just a rebranded Apache.
Example:
D:\IBM\bin>Apache.exe -v
Server version: IBM_HTTP_Server/6.0.2.29 Apache/2.0.47
Excerpt below:
Apach… more »
Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution
From the BlackBerry site. I've posted an excerpt below:
Overview
Vulnerabilities exist in components of the BlackBerry Enterprise Server that process PNG and TIFF images for rendering on the BlackBerry smartphone. The BlackBerry® Mobile Data Sys… more »
IBM Lotus Domino iCalendar Meeting Request Parsing Remote Stack Buffer Overflow Vulnerability
The solution in short: upgrade to the latest version ASAP if you use iNotes outward facing. Some issues are fixed in 8.5.3, so beware until then.
Bugtraq ID: 46232
Class: Input Validation Error
CVE: CVE-2011-0915
Remote: Yes
Local: No… more »
IBM WebSphere Application Server JAX-RPC WS-Security/JAX-WS Runtime Security Bypass Vulnerability
I just saw this in my RSS feeds:
Bugtraq ID: 40322
Class: Design Error
CVE: CVE-2010-0774
Remote: Yes
Local: No
Published: May 11 2010 12:00AM
Updated: Jun 17 2011 04:00PM
Credit: IBM
Vulnerable: IBM Websphere Application Ser… more »
Security enhancements in iNotes 8.5.2 may require configuration changes in environments with reverse proxies
I was playing with the application firewall in the Citrix NetScaler and I found that a cookie I had never seen before was getting blocked.
Some quick googling gave me this Technote swg21453878. Please read it if you are using firewall/reverse proxy products in… more »
IBM Tivoli Directory Server Multiple Security Vulnerabilities
All info can be found here.
IBM Tivoli Directory Server Multiple Security Vulnerabilities
IBM Tivoli Directory Server is prone to a stack-based buffer-overflow and an information-disclosure vulnerability.
Attackers can exploit these issues to execute… more »
IBM Lotus Domino iCalendar Remote Stack Buffer Overflow Vulnerability
All info can be found here.
IBM Lotus Domino iCalendar Remote Stack Buffer Overflow Vulnerability
IBM Lotus Domino is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied inpu… more »
Potential Denial of Service Attack with Java JDK/JRE hanging in IBM Lotus Notes and Domino (CVE-2010-4476)
This one can be nasty if you use servlets or Java agents that do numerical conversion to binary floating point.
You can find the info in this TN 1462146.
Flash (Alert)
Abstract
A problem in the way that Java handles a specific numerical conver… more »