APP: IBM Lotus Domino Remote Console Auth Bypass

This signature detects attempts to exploit a known vulnerability in IBM Lotus Domino. Attackers could bypass security restrictions to gain unauthorized access to user accounts and execute arbitrary code.

Extended Description

The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.

Affected Products

IBM lotus_domino

Short Name: APP:IBM:DOMINO-BYPASS-1
Severity: Major
Recommended: True
Recommended Action: Drop
Category: APP
Keywords: Auth Bypass CVE-2011-1519 Console Domino IBM Lotus Remote bid:46985
Release Date: 01/07/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
Port: tcp/49152
False Positive: Unknown
Vendors

IBM

CVSS Score

10.0
