Vulnerability Description
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lotus | Domino | <= 5.0.9a |
References
- http://marc.info/?l=bugtraq&m=101310812804716&w=2
- http://marc.info/?l=bugtraq&m=101785616526383&w=2
- http://www.securityfocus.com/bid/4049ExploitPatchVendor Advisory
- http://marc.info/?l=bugtraq&m=101310812804716&w=2
- http://marc.info/?l=bugtraq&m=101785616526383&w=2
- http://www.securityfocus.com/bid/4049ExploitPatchVendor Advisory
FAQ
What is CVE-2002-0408?
CVE-2002-0408 is a vulnerability with a CVSS score of 5.0 (MEDIUM). htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an...
How severe is CVE-2002-0408?
CVE-2002-0408 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0408?
Check the references section above for vendor advisories and patch information. Affected products include: Lotus Domino.