Vulnerability Details CVE-2001-1567
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=101284222932568&w=2
- http://marc.info/?l=bugtraq&m=101285903120879&w=2
- http://marc.info/?l=bugtraq&m=101286525008089&w=2
- http://www.iss.net/security_center/static/8072.php
- http://www.nextgenss.com/papers/hpldws.pdf
- http://www.securityfocus.com/bid/4022
- http://marc.info/?l=bugtraq&m=101284222932568&w=2
- http://marc.info/?l=bugtraq&m=101285903120879&w=2
- http://marc.info/?l=bugtraq&m=101286525008089&w=2
- http://www.iss.net/security_center/static/8072.php
- http://www.nextgenss.com/papers/hpldws.pdf
- http://www.securityfocus.com/bid/4022
Products affected by CVE-2001-1567
-
cpe:2.3:a:ibm:lotus_domino:5.0
-
cpe:2.3:a:ibm:lotus_domino:5.0.1
-
cpe:2.3:a:ibm:lotus_domino:5.0.2
-
cpe:2.3:a:ibm:lotus_domino:5.0.3
-
cpe:2.3:a:ibm:lotus_domino:5.0.4
-
cpe:2.3:a:ibm:lotus_domino:5.0.5
-
cpe:2.3:a:ibm:lotus_domino:5.0.6
-
cpe:2.3:a:ibm:lotus_domino:5.0.7
-
cpe:2.3:a:ibm:lotus_domino:5.0.7a
-
cpe:2.3:a:ibm:lotus_domino:5.0.8
-
cpe:2.3:a:ibm:lotus_domino:5.0.9
-
cpe:2.3:a:ibm:lotus_domino_server:-
-
cpe:2.3:a:ibm:lotus_domino_server:4.5
-
cpe:2.3:a:ibm:lotus_domino_server:4.6
-
cpe:2.3:a:ibm:lotus_domino_server:4.6.1
-
cpe:2.3:a:ibm:lotus_domino_server:4.6.3
-
cpe:2.3:a:ibm:lotus_domino_server:4.6.4
-
cpe:2.3:a:ibm:lotus_domino_server:5
-
cpe:2.3:a:ibm:lotus_domino_server:5.0
-
cpe:2.3:a:ibm:lotus_domino_server:5.0.1
-
cpe:2.3:a:ibm:lotus_domino_server:5.0.2
-
cpe:2.3:a:ibm:lotus_domino_server:5.0.3
-
cpe:2.3:a:ibm:lotus_domino_server:5.0.4
-
cpe:2.3:a:ibm:lotus_domino_server:5.0.5
-
cpe:2.3:a:ibm:lotus_domino_server:5.0.6
-
cpe:2.3:a:ibm:lotus_domino_server:5.0.7
-
cpe:2.3:a:ibm:lotus_domino_server:5.0.7a
-
cpe:2.3:a:ibm:lotus_domino_server:5.0.8
-
cpe:2.3:a:ibm:lotus_domino_server:5.0.9
-
cpe:2.3:a:ibm:lotus_domino_server:5.0.9a