This script determines whether some default databases can be read remotely. An anonymous user can retrieve information from this Lotus Domino server: users, databases, server configuration (including operating system and hard disk partitioning), and logs of user access (which could expose sensitive data if HTML forms are submitted with GET). These issues are discussed in 'Lotus White Paper: A Guide to Developing Secure Domino Applications' (December 1999) http://www.lotus.com/developers/devbase.nsf/articles/doc1999112200
Verify all the ACLs for these databases and remove those not needed.

This really could be high if, for example some sensitive data, but some databases do not give much information. Make separate tests for each?
- Monkey HTTP Daemon Invalid HTTP 'Connection' Header Denial Of Service Vulnerability
- CoreHTTP CGI Support Remote Command Execution Vulnerability
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities - March 2011
- Apache Multiple Security Vulnerabilities
- EasyPHP Webserver Multiple Vulnerabilities