Lumension® Endpoint Intelligence Center



Vulnerability Score 5.0
CVE Id CVE-2002-0407
Last Modified 10 Sep 2008 03:11:56
Published 26 Jul 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, for example (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods. Such requests cause htcgibin.exe to leak the pathname in an error message.

Vulnerable Systems


  • Lotus Domino 5.0.9a


BID - 4406

XF - lotus-domino-reveal-information(8160)

BUGTRAQ - 20020402 KPMG-2002006: Lotus Domino Physical Path Revealed

BUGTRAQ - 20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service

Last Updated: 27 May 2016 10:36:54