Vulnerability Description
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lotus | Domino | 5.0 |
References
- http://marc.info/?l=bugtraq&m=101310812804716&w=2
- http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E9
- http://www.iss.net/security_center/static/8160.php (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/4049
FAQ
What is CVE-2002-0245?
CVE-2002-0245 is a vulnerability with a CVSS score of 7.5 (HIGH). Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks t...
How severe is CVE-2002-0245?
CVE-2002-0245 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0245?
Check the references section above for vendor advisories and patch information. Affected products include: Lotus Domino.