Skip to main content
This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Notes/Domino 8 Forum

Notes/Domino 8 Forum
Previous Next
Subject: Internal Netwok name Disclosure Vulnerability
Feedback Type: Suggestion
Product Area: Domino Web Access (DWA)
Technical Area: Security
Platform: Windows 2003 server
Release: 8.0
Reproducible: -Reproducibility-

Dear Support

According to external audits ,gave following vulnerability in our domino web server , its says following .

observation: An attacker connected to a host on your network using HTTPS (typically on port 443) could craft a specially formed GET request from the Web server resulting in a 3XX Object Moved error message containing the internal IP address or internal network name of the Web server

Recommendation :

Modify the Apache configuration file as Set "ServerName" to a proper FQDN.
Use module mod_rewrite to modify the 3xx error message returned by the server.

Please give instruction to avoid this

Regards
Dayantha


Feedback number WEBB7QB7UP created by ~Dana Xanpone on 03/20/2009


Internal Netwok name Disclosure Vul... (~Dana Xanpone 20.Mar.09)
. . Contact IBM Lotus Support on-this..... (~Holly Lopfooko... 20.Mar.09)




Printer-friendly

Search this forum

Member Tools


RSS Feeds

 RSS feedsRSS
All forum posts RSS
All main topics RSS