| VID |
22203 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Lotus Domino server has an information disclosure vulnerability via a request for a DOS device. If a remote attacker submits an HTTP request for a Windows DOS device with ".java" and ".pl", a Lotus Domino server with NoBanner enabled returns a 500 error page containing the full path of the file. In addition, system information can be revealed. This information can be used to perform further attacks against the affected server.
* References: http://archives.neohapsis.com/archives/bugtraq/2002-02/0039.html, http://archives.neohapsis.com/archives/bugtraq/2002-04/0003.html
* Platforms Affected: Lotus Domino 5.0.9a and earlier |
| Recommendation |
Upgrade to the latest version of Lotus Domino (5.0.10 or later), available from the Notes.net Web site: http://www-10.lotus.com/ldd/down.nsf |
| Related URL |
CVE-2002-0245,CVE-2002-0407,CVE-2002-0408 (CVE) |
| Related URL |
4406,4049 (SecurityFocus) |
| Related URL |
8160 (ISS) |
|