
Potential Cross Site Scripting (XSS) vulnerability in IBM Lotus Sametime Server

This one came across the wires this morning:
IBM Lotus Sametime Meeting Processing Cross Site Scripting Vulnerability

In a specific instance, it was found that a precisely crafted Sametime meeting could potentially contain text that would expose a Cross Site Script vulnerability.

This can be addressed in Sametime 7.5.1 by applying an available hotfix. All future releases will contain this fix within the shipping version. Additionally, the same issue was not seen using the EMS server.


It does concern me that at the moment customers have to call IBM support to get the hotfix. I would have thought vulnerability fixes should have been more easily available.

Comments

1 - Carl, any idea what versions are affected? FrSIRT says "7.5.1 and prior", but the IBM technote only mentions 7.5.1.

Tnx for the tip, btw
