HTTP: Lotus Domino .nsf Password Bypass

This signature detects attempts to exploit a known vulnerability in Lotus Domino Web Server 5.0.8. Attackers can send a malformed URL to the daemon to bypass password protection on internal databases and obtain sensitive information that is normally restricted to administrator access.

Extended Description

Lotus Domino Server is an application framework for web-based collaborative software. It runs on multiple platforms, including Windows and Unix. Under Domino, database files (.nsf) may be protected with a password. If a remote request for the file is submitted with a maliciously constructed filename of the correct length, the authentication process may be bypassed. There have been multiple reports that this is a known issue and that it only allows the remote user to access template (.ntf) files. There have also been reports that this issue is fixed in Domino 5.0.9.

Affected Products

Lotus Domino

Short Name: HTTP:DOMINO:NSF-PASSWORD-BYPASS
Severity: Minor
Recommended: False
Recommended Action: None
Category: HTTP
Keywords: .nsf Bypass CVE-2001-1567 Domino Lotus Password bid:4022
Release Date: 04/22/2003
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3375
False Positive: Unknown
Vendors

Lotus

CVSS Score

5.0
