Vulnerability Description
The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Lotus Notes | 5.0.3 |
References
- http://secunia.com/advisories/22741PatchVendor Advisory
- http://securitytracker.com/id?1017203
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026Patch
- http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdfExploitVendor Advisory
- http://www.securityfocus.com/bid/20960
- http://www.vupen.com/english/advisories/2006/4411
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30118
- http://secunia.com/advisories/22741PatchVendor Advisory
- http://securitytracker.com/id?1017203
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026Patch
- http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdfExploitVendor Advisory
- http://www.securityfocus.com/bid/20960
- http://www.vupen.com/english/advisories/2006/4411
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30118
FAQ
What is CVE-2006-5835?
CVE-2006-5835 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers t...
How severe is CVE-2006-5835?
CVE-2006-5835 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5835?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Lotus Notes.