HTTP: Lotus Domino CSP Source Code Disclosure

This signature detects attempts to exploit a known vulnerability in the Lotus Domino Web server. Lotus Domino versions 5 and 6 are vulnerable. By appending characters to the end of the path in a URL request, an attacker can make the Web server daemon return the source code of a Crystal Reports script (.csp) instead of executing it. Variations of this exploit can be used to read the source code of other file types that the Web server daemon normally executes.

Extended Description

Remote attackers could exploit this vulnerability to obtain confidential information, such as user accounts, from a vulnerable server.

Short Name: HTTP:DOMINO:CSP-SRC-DISCLOSURE
Severity: Minor
Recommended: False
Recommended Action: None
Category: HTTP
Keywords: CSP Code Disclosure Domino Lotus Source
Release Date: 04/22/2003
Supported Platforms: srx-branch-12.3, srx-19.3, srx-branch-19.3, vsrx3bsd-19.2, srx-branch-19.4, vsrx-19.4, mx-12.3, mx-19.4, vmx-19.4, mx-19.3, vsrx3bsd-19.4, srx-19.4, vsrx-12.3, vmx-19.3, vsrx-19.2, srx-12.3
Sigpack Version: 3375
False Positive: Unknown