Summary
By creating a specially crafted url, the authentication mechanism of Domino database can be circumvented. These urls should look like:
http://host.com/<databasename>.ntf<buff>.nsf/ in which <buff> has a certain length.
Solution
Upgrade to the latest version of Domino.
Severity
Classification
-
CVE CVE-2001-1567 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability
- bozotic HTTP server Information Disclosure Vulnerability
- Check for IIS .cnf file leakage
- IBM WebSphere Application Server Administration Directory Traversal Vulnerability
- Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)