This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Notes/Domino 8 Forum

Subject: Domino HTTP Server Internal Path Disclosure
Feedback Type: Problem
Product Area: Domino Server
Technical Area: Security
Platform: Windows 2003 server
Release: 8.0
Reproducible: Always

I have received a security alert from our Security Compliance service and they have noted that we have an issue:

Domino HTTP Server Internal Path Disclosure

It is possible to get the absolute path leading to the remote /cgi-bin
directory by requesting a bogus cgi (like : 'GET /cgi-bin/blah'). This
problem can be used to obtain OS and installation details.
Service: Lotus-Domino
CVE: CVE-2000-0021
NVD: CVE-2000-0021
Bugtraq: 881
Reference:
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N (Base Score: 5.00

BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack

Can I please get more information regarding this issue and remediation to resolve this issue?

thanks,

john


Feedback number WEBB7HGMU8 created by ~Lisa Fezwevitchoopsi on 08/13/2008
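A re-test helper for the finding quoted in the post above, added here as an example and not part of the original post, the scanner, or any HCL tooling: it flags absolute filesystem paths in the error page returned for a nonexistent CGI, so the result can be compared before and after remediation. The regex heuristics, function names and sample bodies are assumptions constructed for this example.

```python
import re
import urllib.error
import urllib.request

# Heuristics (assumptions of this example): a Windows drive path, or a
# /-rooted path with at least two directory levels, counts as a leak.
WIN_PATH = re.compile(r"(?<![A-Za-z])[A-Za-z]:[\\/](?:[\w .$-]+[\\/])*[\w.$-]+")
UNIX_PATH = re.compile(r"(?<![\w:/.])/(?:[\w.-]+/){2,}[\w.-]*")


def leaked_paths(body):
    """Return absolute filesystem paths that appear in a response body."""
    hits = WIN_PATH.findall(body) + UNIX_PATH.findall(body)
    return [h.rstrip(".") for h in hits]


def fetch_error_body(base_url, probe="/cgi-bin/blah", timeout=10):
    """Request a nonexistent CGI on a server you administer; return (status, body)."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + probe, timeout=timeout) as r:
            return r.status, r.read().decode("latin-1")
    except urllib.error.HTTPError as e:  # 4xx/5xx responses still carry the error page
        return e.code, e.read().decode("latin-1")


# Constructed sample bodies (not real Domino output).
SAMPLE_LEAKY = r"<h1>Error 500</h1><p>Cannot execute D:\ExampleApp\data\cgi-bin\blah</p>"
SAMPLE_CLEAN = ("<html><head><title>404 Not Found</title></head><body>The requested "
                "URL /cgi-bin/blah was not found. See "
                "http://www.example.com/help/errors/404.html</body></html>")
SAMPLE_UNIX = "exec failed: /opt/example/data/cgi-bin/blah: No such file"

if __name__ == "__main__":
    for name, body in [("leaky", SAMPLE_LEAKY), ("clean", SAMPLE_CLEAN), ("unix", SAMPLE_UNIX)]:
        print(name, leaked_paths(body))
```

An echoed request path such as `/cgi-bin/blah` or a link in the error page is not reported; only a filesystem path is. Pass the body returned by `fetch_error_body` to `leaked_paths` to check a live server.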


Domino HTTP Server Internal Path Di... (~Lisa Fezwevitc... 13.Aug.08)
. . What version of Domino are you runn... (~Anita Asafreez... 13.Aug.08)
. . Interesting, I got the following fr... (~Anita Minaster... 14.Aug.08)
. . . . You have control over TRACE, TRACK ... (~Wendy Dwonugen... 20.Aug.08)
. . . . . . *Thanks, I found that and we passed... (~Anita Minaster... 20.Aug.08)



