-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2588
  Security Bulletin: Multiple Vulnerabilities affect IBM Domino & IBM iNotes
                               3 November 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Domino
                   IBM iNotes
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Windows
Impact/Access:     Denial of Service    -- Remote/Unauthenticated
                   Cross-site Scripting -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-6113 CVE-2016-5884 CVE-2016-5882 CVE-2016-5880
                   CVE-2016-3092 CVE-2016-2939 CVE-2016-2938 CVE-2016-0282
Reference:         ESB-2016.2549
                   ESB-2016.2548
                   ESB-2016.2544
                   ESB-2016.2516
                   ESB-2016.2488

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=swg21992835

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple Vulnerabilities affect IBM Domino & IBM iNotes

Software version: 8.5, 9.0
Operating system(s): AIX, Linux, Windows
Reference #: 1992835
Modified date: 02 November 2016

Security Bulletin

Summary

There are multiple vulnerabilities in IBM Domino and IBM iNotes (shipped as
part of Domino).

Vulnerability Details

CVEID: CVE-2016-3092
DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an
error in the Apache Commons FileUpload component. By sending file upload
requests, an attacker could exploit this vulnerability to cause the server to
become unresponsive.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/114336 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-0282
DESCRIPTION: IBM iNotes is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input. A remote attacker could exploit
this vulnerability using a specially-crafted URL to execute script in a
victim's Web browser within the security context of the hosting Web site, once
the URL is clicked. An attacker could use this vulnerability to steal the
victim's cookie-based authentication credentials.
CVSS Base Score: 5.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111228 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-5880
DESCRIPTION: IBM iNotes is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI
thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/115075 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-2939
DESCRIPTION: IBM iNotes is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI
thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113541 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-5882
DESCRIPTION: IBM iNotes is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI
thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/115077 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-6113
DESCRIPTION: IBM iNotes is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI
thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/118283 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-5884
DESCRIPTION: IBM iNotes is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI
thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/115079 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-2938
DESCRIPTION: IBM iNotes is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI
thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113540 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM Domino 9.0.1 through 9.0.1 Fix Pack 7
IBM Domino 9.0.0x
IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 14
IBM Domino 8.5.2x
IBM Domino 8.5.1x

Remediation/Fixes

CVE-2016-3092 is tracked as SPRs KLYHABSKNX and KLYHABSKDS.
CVE-2016-0282, for release 8.5.x only, is tracked as SPR KLYHAAHNUS.
CVE-2016-5880 is tracked as SPR YGYGA9DDX2.
CVE-2016-2939 is tracked as SPR BCOEA8PQSP.
CVE-2016-5882 is tracked as SPR YGYGA9DDTA.
CVE-2016-6113 is tracked as SPR MLATAAR5A6.
CVE-2016-5884 is tracked as SPR YGYGA9DDH6.
CVE-2016-2938 is tracked as SPR BCOEA8PR8G.
CVE-2016-2939 is tracked as SPR BCOEA8PQS9.

Fixes for the issues described above are introduced in the following
releases:

Domino 9.0.1 Fix Pack 7 Interim Fix 1
Domino 8.5.3 Fix Pack 6 Interim Fix 15

For download links, refer to the following technotes:

Notes & Domino 9.0.1 FP7 Interim Fixes
http://www.ibm.com/support/docview.wss?uid=swg21657963

Notes & Domino 8.5.3 FP6 Interim Fixes
http://www.ibm.com/support/docview.wss?uid=swg21663874

Customers who remain on the following releases may open a Service Request
with IBM Support and reference the relevant SPRs above for a custom hotfix:

IBM Domino 9.0.1 through 9.0.1 Fix Pack 6
IBM Domino 9.0.0x
IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 14
IBM Domino 8.5.2x
IBM Domino 8.5.1x

IBM recommends that you review your entire environment to identify vulnerable
releases of the open-source Apache Commons Collections and take appropriate
mitigation and remediation actions.
Workarounds and Mitigations

None

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

Initial Publication 02-Nov-2016

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.
Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----