Lotus Domino Server Vulnerability Allows Remote File Access
CVE-2001-1567

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Domino; Lotus Domino Server
Vendor: CVE Published:; 31 December 2001

Summary

Lotus Domino Server versions 5.0.9a and earlier exhibit a security flaw that allows remote attackers to bypass established security restrictions. By sending an HTTP request containing an excessive number of '+' characters preceding the .nsf file extension, which are subsequently converted to spaces by the Domino server, attackers can potentially view sensitive Notes database files and template files (.ntf). This vulnerability undermines data confidentiality and presents significant risks for information exposure.

References

http://marc.info/?l=bugtraq&m=101285903120879&w=2

mailing-listx_refsource_BUGTRAQ

http://marc.info/?l=bugtraq&m=101284222932568&w=2

mailing-listx_refsource_BUGTRAQ

http://www.iss.net/security_center/static/8072.php

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
Jul 14, 2005
Vulnerability published
Dec 31, 2001