Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:10629
Category:Web Servers
Title:Lotus Domino administration databases
Summary:This script determines if some default databases can be read remotely.;; An anonymous user can retrieve information from this Lotus Domino server: users, databases, configuration; of servers (including operating system and hard disk partitioning), logs of access to users (which could; expose sensitive data if GET html forms are used).;; This issues are discussed in the references 'Lotus White Paper: A Guide to Developing Secure Domino Applications' (december 1999).
Description:Summary:
This script determines if some default databases can be read remotely.

An anonymous user can retrieve information from this Lotus Domino server: users, databases, configuration
of servers (including operating system and hard disk partitioning), logs of access to users (which could
expose sensitive data if GET html forms are used).

This issues are discussed in the references 'Lotus White Paper: A Guide to Developing Secure Domino Applications' (december 1999).

Solution:
Verify all the ACLs for these databases and remove those not needed.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 5101
BugTraq ID: 881
Common Vulnerability Exposure (CVE) ID: CVE-2000-0021
http://www.securityfocus.com/bid/881
Bugtraq: 19991221 serious Lotus Domino HTTP denial of service (Google Search)
Bugtraq: 19991227 Re: Lotus Domino HTTP denial of service attack (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2002-0664
http://www.securityfocus.com/bid/5101
Bugtraq: 20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs (Google Search)
http://marc.info/?l=bugtraq&m=103134154721846&w=2
http://www.iss.net/security_center/static/10057.php
CopyrightCopyright (C) 2001 Javier Fernández-Sanguino Peña

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.