ID de Prueba:	1.3.6.1.4.1.25623.1.0.10629
Categoría:	Web Servers
Título:	HCL / IBM / Lotus Domino Administration Databases Accessible (HTTP)
Resumen:	This script determines if some default Lotus Domino databases; can be read remotely.
Descripción:	Summary: This script determines if some default Lotus Domino databases can be read remotely. Vulnerability Insight: An anonymous user can retrieve information from this Lotus Domino server: users, databases, configuration of servers (including operating system and hard disk partitioning), logs of access to users (which could expose sensitive data if GET html forms are used). These issues are discussed in the references 'Lotus White Paper: A Guide to Developing Secure Domino Applications' (december 1999). Solution: Verify all the ACLs for these databases and remove those not needed. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2000-0021 BugTraq ID: 881 http://www.securityfocus.com/bid/881 Bugtraq: 19991221 serious Lotus Domino HTTP denial of service (Google Search) Bugtraq: 19991227 Re: Lotus Domino HTTP denial of service attack (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2002-0664 BugTraq ID: 5101 http://www.securityfocus.com/bid/5101 Bugtraq: 20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs (Google Search) http://marc.info/?l=bugtraq&m=103134154721846&w=2 http://www.iss.net/security_center/static/10057.php
Copyright	Copyright (C) 2001 Javier Fernández-Sanguino Peña

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.