ID CVE-2002-0408
Summary htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message.
References
Vulnerable Configurations
  • cpe:2.3:a:lotus:domino:5.0.9a
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
nessus via4
NASL family Web Servers
NASL id LOTUS_PATH_DISCLOSURE.NASL
description The remote web server appears to be a version of Lotus Domino that allows an attacker to determine the physical path to the web root by requesting a non-existent '.pl' file.
last seen 2019-02-21
modified 2018-11-15
plugin id 11009
published 2002-06-08
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11009
title IBM Lotus Domino Banner Nonexistent .pl File Request Path Disclosure
refmap via4
bid 4049
bugtraq
  • 20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service
  • 20020303 Re: KPMG-2002006: Lotus Domino Physical Path Revealed
Last major update 17-10-2016 - 22:20
Published 26-07-2002 - 00:00