Vulnerability CVE-2002-0245
Published: 2002-05-29   Modified: 2012-02-12

Description:
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Lotus -> Domino 

 References:
http://marc.info/?l=bugtraq&m=101310812804716&w=2
http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F
http://www.iss.net/security_center/static/8160.php
http://www.securityfocus.com/bid/4049
Copyright 2024, cxsecurity.com

 

Back to Top