By creating a specially crafted URL, the authentication mechanism of a Domino database can be circumvented. Such URLs look like: http://host.com/<databasename>.ntf<buff>.nsf/ in which <buff> has a certain length.
Upgrade to the latest version of Domino.
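A defensive check for the URL shape described above, added here as an example and not part of the original advisory: it scans web access log lines for path segments of the form <databasename>.ntf<buff>.nsf and reports the filler length and response status. The Common/Combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line and status inside a Common/Combined Log Format entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# One path segment shaped like <databasename>.ntf<buff>.nsf
SEGMENT_RE = re.compile(r'^(?P<db>[^/]+?)\.ntf(?P<buff>.*)\.nsf$', re.IGNORECASE | re.DOTALL)

def find_ntf_nsf_requests(lines):
    """Return one finding per log line whose path contains a .ntf<buff>.nsf segment."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        # Drop the query string, then percent-decode so encoded filler is measured correctly.
        path = unquote(m.group("target").split("?", 1)[0])
        for segment in path.split("/"):
            s = SEGMENT_RE.match(segment)
            if s:
                findings.append({
                    "client": line.split(" ", 1)[0],
                    "database": s.group("db") + ".ntf",
                    "buff_len": len(s.group("buff")),
                    # A 2xx status on such a request deserves a closer look.
                    "status": int(m.group("status")),
                })
                break
    return findings

# Constructed sample log lines (documentation IP ranges, arbitrary filler).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /names.nsf?OpenDatabase HTTP/1.1" 401 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /names.ntf' + "x" * 40
    + '.nsf/ HTTP/1.1" 200 8192',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /mail/box.ntf%20%20%20%20.nsf/?OpenDatabase HTTP/1.1" 200 4096',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /templates/pubnames.ntf HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for f in find_ntf_nsf_requests(SAMPLE_LOG):
        print(f)
```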