Vulnerability Description
Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Lotus Domino | 5.0.8 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-01/0373.htmlExploit
- http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0258.htmlExploit
- http://www.iss.net/security_center/static/8038.php
- http://www.securityfocus.com/bid/3991
- http://archives.neohapsis.com/archives/bugtraq/2002-01/0373.htmlExploit
- http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0258.htmlExploit
- http://www.iss.net/security_center/static/8038.php
- http://www.securityfocus.com/bid/3991
FAQ
What is CVE-2002-2014?
CVE-2002-2014 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easie...
How severe is CVE-2002-2014?
CVE-2002-2014 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2014?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Lotus Domino.