VID 22188
Severity 30
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The Lotus Domino server is vulnerable to a database list disclosure vulnerability via the OpenServer command.
The "OpenServer" command lists the databases on a Lotus Domino server. A special URL, http://domino_server/?OpenServer, generates a page containing a list of all the databases on the server, with active links to those databases. By default, database browsing is not allowed and a request for the "OpenServer" command elicits a 403 Forbidden response from the server. Authorization for the OpenServer URL is controlled by the Server document setting "Allow HTTP clients to browse databases". Because this setting is server-wide, either everybody can browse or nobody can; in other words, there is no way to restrict the URL so that only a trusted set of users can see the list. If a remote attacker succeeds with this command, they learn of the presence of more sensitive databases on the system ("customers.nsf", etc.) and can use that knowledge in further attacks. To ensure server security, you should disable the "OpenServer" command.

* References:
http://www.nextgenss.com/papers/hpldws.pdf
http://www-10.lotus.com/ldd/today.nsf/08e35bc2d658af8785256658007aaffa/ca8ba86a52afb7d685256a3f004b7143?OpenDocument
http://pbfb5www.uni-paderborn.de/www/WI/WI2/wi2_lit.nsf/L9CTG/AEF6412B90650F8AC1256B22004A9A8C?OpenDocument

* Platforms Affected:
Lotus Domino server any version
Recommendation Change the server's configuration as follows.
1. Open the Domino Web Administrator using the URL "http://domino_server/webadmin.nsf".
2. From the Web Administrator, select the <Configuration> tab, and then select <Servers> tab.
3. Double-click the server name from the list of servers, and then click <Edit Server> tab to change to the edit mode.
4. After selecting the <Internet Protocols> tab, set "Allow HTTP clients to browse databases" to "No".
5. Click the <Save and Close> tab to save the document.
6. Enter "tell http restart" at the Console to restart the HTTP process.
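After restarting the HTTP task, an administrator will want to confirm that the setting took effect. The following script is an added example, not part of this advisory or of Lotus Domino: it requests the ?OpenServer URL described above and reports whether the server still returns a database listing (links to .nsf files) or the expected 403 Forbidden. The base URL, the "domino-openserver-check" User-Agent string and the sample HTML listing are assumptions constructed for the example; the link format of a real listing may differ.

```python
import re
from urllib.request import Request, urlopen
from urllib.error import HTTPError

# Constructed sample approximating a listing page returned when
# "Allow HTTP clients to browse databases" is set to "Yes" (assumption).
SAMPLE_LISTING = """<html><body>
<a href="/names.nsf?OpenDatabase">names.nsf</a><br>
<a href="/customers.nsf?OpenDatabase">customers.nsf</a><br>
</body></html>"""

# Constructed sample of the default, hardened response.
SAMPLE_FORBIDDEN = "<html><body><h1>Forbidden</h1></body></html>"

# Matches the database name inside hrefs such as href="/customers.nsf?OpenDatabase".
NSF_LINK = re.compile(r'href="/?([^"?]+\.nsf)', re.IGNORECASE)


def classify_openserver(status, body):
    """Interpret a ?OpenServer response.

    Returns (browsing_enabled, databases): browsing is considered enabled
    only when the server answers 200 and the page carries .nsf links.
    A 403 is the expected response once the setting is "No".
    """
    if status == 403:
        return False, []
    databases = sorted(set(NSF_LINK.findall(body)))
    return (status == 200 and len(databases) > 0), databases


def check_server(base_url, timeout=10):
    """Fetch http://<server>/?OpenServer and classify the answer.

    HTTPError is caught so that the 403 case is returned as data rather
    than raised; other network errors propagate to the caller.
    """
    url = base_url.rstrip("/") + "/?OpenServer"
    req = Request(url, headers={"User-Agent": "domino-openserver-check"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            status = resp.status
            body = resp.read().decode("utf-8", errors="replace")
    except HTTPError as err:
        status = err.code
        body = err.read().decode("utf-8", errors="replace")
    return classify_openserver(status, body)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "http://domino_server"
    enabled, dbs = check_server(target)
    if enabled:
        print("FINDING: database browsing is still enabled; listing exposes", len(dbs), "databases")
    else:
        print("OK: ?OpenServer does not return a database listing")
```

Run it against your own server after step 6 (for example `python check_openserver.py http://domino_server`); the expected result after the change is the "OK" line. Keeping the classification in `classify_openserver` separate from the network call makes the logic testable offline against the constructed samples.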