Test Kennung:	1.3.6.1.4.1.25623.1.0.10629
Kategorie:	Web Servers
Titel:	HCL / IBM / Lotus Domino Administration Databases Accessible (HTTP)
Zusammenfassung:	This script determines if some default Lotus Domino databases; can be read remotely.
Beschreibung:	Summary: This script determines if some default Lotus Domino databases can be read remotely. Vulnerability Insight: An anonymous user can retrieve information from this Lotus Domino server: users, databases, configuration of servers (including operating system and hard disk partitioning), logs of access to users (which could expose sensitive data if GET html forms are used). These issues are discussed in the references 'Lotus White Paper: A Guide to Developing Secure Domino Applications' (december 1999). Solution: Verify all the ACLs for these databases and remove those not needed. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2000-0021 BugTraq ID: 881 http://www.securityfocus.com/bid/881 Bugtraq: 19991221 serious Lotus Domino HTTP denial of service (Google Search) Bugtraq: 19991227 Re: Lotus Domino HTTP denial of service attack (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2002-0664 BugTraq ID: 5101 http://www.securityfocus.com/bid/5101 Bugtraq: 20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs (Google Search) http://marc.info/?l=bugtraq&m=103134154721846&w=2 http://www.iss.net/security_center/static/10057.php
Copyright	Copyright (C) 2001 Javier Fernández-Sanguino Peña

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.