CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
70.4%
Lotus Notes JVM leaks information about the existence of a file.
A malicious Java applet run in the Lotus Notes web browser can determine if a local file exists. Notes’ preferences must be set to browse the web using the Notes browser, with execution of Java applets enabled.
When a Java applet tries to access local files, Lotus Notes presents a dialog box to the user asking whether access should be allowed. It only presents this dialog after checking if the local file exists; if it does not exist, the dialog is not shown. Thus, if the applet can determine whether the dialog was shown, it will know whether the file exists.
If the dialog is shown, it will take some time for the user to notice it and click a button to dismiss it. The applet can detect whether the dialog was shown by checking the times before and after trying to access the local file. If the dialog was not shown, the time difference will be very small, while if the dialog was shown, the time difference will be substantially longer. Based on the time difference, the applet can determine if the dialog was shown and therefore whether the local file exists.
By checking for the existence of certain files, an attacker can learn what software is installed and what programs have been executed recently on the client machine. However, the attacker cannot read or modify any files through this vulnerability.
Lotus plans to fix this issue in a future release of Notes.
Disable execution of Java applets in Notes preferences. For more details, see <http://www-1.ibm.com/support/docview.wss?uid=swg21102440>.
959207
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: May 03, 2001 Updated: March 30, 2006
Affected
[Lotus has published] Technote # 183400, […], which documents this issue, including workarounds:
<http://www-1.ibm.com/support/docview.wss?uid=swg21102440>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23959207 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Hiromitsu Takagi for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
CVE IDs: | CVE-2000-1117 |
---|---|
Severity Metric: | 0.06 Date Public: |