Potential script insertion vulnerabilities in Domino Web Access (DWA)

 Technote (troubleshooting)
 
 
Problem
Secunia contacted IBM Lotus to report several script insertion vulnerabilities in Lotus Domino Web Access.

The advisory address is as follows:

http://secunia.com/advisories/16340/

 
Diagnosing the problem
The first issue reports that an attached file is opened in the context of the site if the user clicks on it. Beginning with Domino 6.5.4 FP1, an attached file is opened in a new window when the user clicks it. After clicking to open the file, if it contains active content, the user must right-click to bring up the context menu and take action to "Allow Blocked Content".



The user is prompted with a Security Warning dialog box, "Allowing active content such as script and ActiveX controls can be useful, but active content might also harm your computer. Are you sure you want to let this file run on your computer?".



The active content will run only if the user clicks "Yes".

 
Resolving the problem
These three issues were reported to IBM Lotus Quality Engineering as SPRs# KEMG6FKU9G, KEMG6FKUBP, KEMG6FKUBT and have been addressed in Domino 6.5.5 and Domino 7.0.1.


Refer to the Upgrade Central site for details on upgrading Notes/Domino.
 
 
 

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Document information
Product categories: Software, Messaging Applications, Advanced Messaging, Lotus Domino Web Access, Security
Operating system(s): AIX, Linux, Solaris, Windows, i5/OS, z/OS
Software version: 6.0, 6.5, 7.0
Reference #: 1229919
IBM Group: Software Group
Modified date: 2006-02-10
