Test ID:	1.3.6.1.4.1.25623.1.0.10629
Category:	Web Servers
Title:	HCL / IBM / Lotus Domino Administration Databases Accessible (HTTP)
Summary:	This script determines if some default Lotus Domino databases; can be read remotely.
Description:	Summary: This script determines if some default Lotus Domino databases can be read remotely. Vulnerability Insight: An anonymous user can retrieve information from this Lotus Domino server: users, databases, configuration of servers (including operating system and hard disk partitioning), logs of access to users (which could expose sensitive data if GET html forms are used). These issues are discussed in the references 'Lotus White Paper: A Guide to Developing Secure Domino Applications' (december 1999). Solution: Verify all the ACLs for these databases and remove those not needed. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2000-0021 BugTraq ID: 881 http://www.securityfocus.com/bid/881 Bugtraq: 19991221 serious Lotus Domino HTTP denial of service (Google Search) Bugtraq: 19991227 Re: Lotus Domino HTTP denial of service attack (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2002-0664 BugTraq ID: 5101 http://www.securityfocus.com/bid/5101 Bugtraq: 20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs (Google Search) http://marc.info/?l=bugtraq&m=103134154721846&w=2 http://www.iss.net/security_center/static/10057.php
Copyright	Copyright (C) 2001 Javier Fernández-Sanguino Peña

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.