Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2002-0245
Last Modified: 10 Sep 2008 08:00:47
Published: 29 May 2002 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-0245

Summary

Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.

Vulnerable Systems

Application

  • Lotus Domino 5.0

  • Lotus Domino 5.0.1

  • Lotus Domino 5.0.2

  • Lotus Domino 5.0.3

  • Lotus Domino 5.0.4

  • Lotus Domino 5.0.4a

  • Lotus Domino 5.0.5

  • Lotus Domino 5.0.6

  • Lotus Domino 5.0.6a

  • Lotus Domino 5.0.7

  • Lotus Domino 5.0.7a

  • Lotus Domino 5.0.8

  • Lotus Domino 5.0.9


References

XF - lotus-domino-reveal-information(8160)

BUGTRAQ - 20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service

BID - 4049

CONFIRM - http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F


Last Updated: 27 May 2016 10:36:50