| VID | 22044 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The Lotus Domino web server allows remote users to bypass password-protected URLs. Lotus Domino Server is an application framework for web-based collaborative software. It runs on multiple platforms, including Windows and Unix. Lotus Domino has database files such as webadmin.nsf, log.nsf and names.nsf, which are protected by passwords. If a remote request for such a file is submitted with a maliciously constructed filename of the correct length, the authentication process may be bypassed. There have been multiple reports that this is a known issue and that it only allows the remote user to access template (.ntf) files. |
| Recommendation | As a workaround, restrict anonymous access to sensitive files. Upgrade to the latest version (Lotus Domino 5.0.9 or later). |
| Related URL | CVE-2001-1567 (CVE) |
| Related URL | 4022 (SecurityFocus) |
| Related URL | 8072 (ISS) |