Lucene search

MitreCVE-2001-1567

HistoryJul 14, 2005 - 4:00 a.m.

CVE-2001-1567

2005-07-1404:00:00

mitre

web.nvd.nist.gov

cve-2001-1567

lotus domino server

security flaw

remote access

notes database files

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

56.3%

JSON

Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of “+” characters before the .nsf file extension, which are converted to spaces by Domino.

Affected configurations

Nvd

Node

ibmlotus_dominoMatch5.0

ibmlotus_dominoMatch5.0.1

ibmlotus_dominoMatch5.0.2

ibmlotus_dominoMatch5.0.3

ibmlotus_dominoMatch5.0.4solaris

ibmlotus_dominoMatch5.0.5

ibmlotus_dominoMatch5.0.6

ibmlotus_dominoMatch5.0.7solaris

ibmlotus_dominoMatch5.0.7a

ibmlotus_dominoMatch5.0.8

ibmlotus_dominoMatch5.0.9

ibmlotus_domino_serverRange≤5.0.9a

VendorProductVersionCPE
ibmlotus_domino5.0cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*
ibmlotus_domino5.0.1cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*
ibmlotus_domino5.0.2cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*
ibmlotus_domino5.0.3cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*
ibmlotus_domino5.0.4cpe:2.3:a:ibm:lotus_domino:5.0.4:*:solaris:*:*:*:*:*
ibmlotus_domino5.0.5cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*
ibmlotus_domino5.0.6cpe:2.3:a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*
ibmlotus_domino5.0.7cpe:2.3:a:ibm:lotus_domino:5.0.7:*:solaris:*:*:*:*:*
ibmlotus_domino5.0.7acpe:2.3:a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*
ibmlotus_domino5.0.8cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_domino	5.0	cpe:2.3:a:ibm:lotus_domino:5.0:::::::*
ibm	lotus_domino	5.0.1	cpe:2.3:a:ibm:lotus_domino:5.0.1:::::::*
ibm	lotus_domino	5.0.2	cpe:2.3:a:ibm:lotus_domino:5.0.2:::::::*
ibm	lotus_domino	5.0.3	cpe:2.3:a:ibm:lotus_domino:5.0.3:::::::*
ibm	lotus_domino	5.0.4	cpe:2.3:a:ibm:lotus_domino:5.0.4::solaris:::::
ibm	lotus_domino	5.0.5	cpe:2.3:a:ibm:lotus_domino:5.0.5:::::::*
ibm	lotus_domino	5.0.6	cpe:2.3:a:ibm:lotus_domino:5.0.6:::::::*
ibm	lotus_domino	5.0.7	cpe:2.3:a:ibm:lotus_domino:5.0.7::solaris:::::
ibm	lotus_domino	5.0.7a	cpe:2.3:a:ibm:lotus_domino:5.0.7a:::::::*
ibm	lotus_domino	5.0.8	cpe:2.3:a:ibm:lotus_domino:5.0.8:::::::*

Rows per page:

1-10 of 121

References

marc.info/?l=bugtraq&m=101284222932568&w=2

marc.info/?l=bugtraq&m=101285903120879&w=2

marc.info/?l=bugtraq&m=101286525008089&w=2

www.iss.net/security_center/static/8072.php

www.nextgenss.com/papers/hpldws.pdf

www.securityfocus.com/bid/4022

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

56.3%

JSON

Related for CVE-2001-1567