Lucene search
MitreCVE-2000-1117HistoryJan 09, 2001 - 5:00 a.m.
CVE-2000-1117
2001-01-0905:00:00
CWE-203
mitre
web.nvd.nist.gov
39
cve-2000-1117
ecl
jvm
lotus notes client r5
malicious
getsystemresource method
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
High
EPSS
0.003
Percentile
70.4%
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
Affected configurations
Node
ibmlotus_notesMatchr5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | lotus_notes | r5 | cpe:2.3:a:ibm:lotus_notes:r5:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2000-1117
2000-12-19 05:00:00
cert
cert
Lotus Notes Java VM leaks file existence through timing difference in ECLs
2001-05-14 00:00:00
nvd
nvd
CVE-2000-1117
2001-01-09 05:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
High
EPSS
0.003
Percentile
70.4%
Related for CVE-2000-1117