Vulnerability Description
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.
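One way to look for the request pattern described above in web server access logs, as an added example that is not part of the original advisory. The Common Log Format layout, the threshold of 20 and every sample line are assumptions constructed for illustration.

```python
import re

# Assumption: the advisory says only "a large number"; tune this for your logs.
MIN_PLUS_RUN = 20

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A run of "+" sitting directly before the .nsf extension of a path segment
PADDED_NSF_RE = re.compile(r"(?P<pad>\++)\.nsf(?=$|/)", re.IGNORECASE)


def plus_padding(target):
    """Return the longest run of '+' directly preceding '.nsf' in the path, or 0."""
    path = target.split("?", 1)[0]  # ignore the query string, where '+' is routine
    return max((len(m.group("pad")) for m in PADDED_NSF_RE.finditer(path)), default=0)


def scan(lines, threshold=MIN_PLUS_RUN):
    """Return (line_number, client, run_length) for each request over the threshold."""
    hits = []
    for number, line in enumerate(lines, start=1):
        request = REQUEST_RE.search(line)
        if request is None:
            continue  # malformed or non-HTTP entry
        run = plus_padding(request.group("target"))
        if run >= threshold:
            hits.append((number, line.split(" ", 1)[0], run))
    return hits


# Constructed sample entries (documentation IP ranges, hypothetical database names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /help/readme.nsf?OpenDatabase HTTP/1.0" 200 512',
    '192.0.2.10 - - [01/Jan/2002:10:00:05 +0000] "GET /search.nsf/results?Query=a+b+c HTTP/1.0" 200 900',
    '198.51.100.7 - - [01/Jan/2002:10:01:00 +0000] "GET /sample' + "+" * 200 + '.nsf HTTP/1.0" 200 4096',
    '198.51.100.7 - - [01/Jan/2002:10:01:02 +0000] "GET /a+b.nsf HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for number, client, run in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent {run} '+' characters before .nsf")
```

Only the path component is inspected, so ordinary `+`-encoded spaces in query strings do not trigger a hit.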
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Lotus Domino | 5.0 |
| IBM | Lotus Domino Server | <= 5.0.9a |
References
- http://marc.info/?l=bugtraq&m=101284222932568&w=2
- http://marc.info/?l=bugtraq&m=101285903120879&w=2
- http://marc.info/?l=bugtraq&m=101286525008089&w=2
- http://www.iss.net/security_center/static/8072.php
- http://www.nextgenss.com/papers/hpldws.pdf (Vendor Advisory)
- http://www.securityfocus.com/bid/4022
FAQ
What is CVE-2001-1567?
CVE-2001-1567 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with...
How severe is CVE-2001-1567?
CVE-2001-1567 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2001-1567?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Lotus Domino, IBM Lotus Domino Server.