Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2002-0407
Last Modified 10 Sep 2008 03:11:56
Published 26 Jul 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0407

Summary

htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, for example (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.

Vulnerable Systems

Application

  • Lotus Domino 5.0.9a


References

BID - 4406

XF - lotus-domino-reveal-information(8160)

BUGTRAQ - 20020402 KPMG-2002006: Lotus Domino Physical Path Revealed

BUGTRAQ - 20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service


Last Updated: 27 May 2016 10:36:54