
Test ID: 10629
Category: Web Servers
Title: Lotus Domino administration databases
Description:
Summary:
This script determines whether some default databases can be read remotely.

An anonymous user can retrieve information from this Lotus Domino server: users, databases, configuration
of servers (including operating system and hard disk partitioning), and user access logs (which could
expose sensitive data if GET HTML forms are used).

These issues are discussed in 'Lotus White Paper: A Guide to Developing Secure Domino Applications' (December 1999)
http://www.lotus.com/developers/devbase.nsf/articles/doc1999112200

Solution:
Verify all the ACLs for these databases and remove those not needed.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
BugTraq ID: 5101
BugTraq ID: 881

Common Vulnerability Exposure (CVE) ID: CVE-2000-0021
Bugtraq: 19991221 serious Lotus Domino HTTP denial of service
Bugtraq: 19991227 Re: Lotus Domino HTTP denial of service attack
http://www.securityfocus.com/bid/881

Common Vulnerability Exposure (CVE) ID: CVE-2002-0664
Bugtraq: 20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs
http://marc.info/?l=bugtraq&m=103134154721846&w=2
http://www.iss.net/security_center/static/10057.php
http://www.securityfocus.com/bid/5101

Copyright:
This script is Copyright (C) 2001 Javier Fernández-Sanguino Peña

© 1998-2018 E-Soft Inc. All rights reserved.