Summary
By creating a specially crafted url, the authentication mechanism of Domino database can be circumvented. These urls should look like:
http://host.com/<databasename>.ntf<buff>.nsf/ in which <buff> has a certain length.
Solution
Upgrade to the latest version of Domino.
Severity
Classification
-
CVE CVE-2001-1567 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
- CERN HTTPD access control bypass
- IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability
- LiteSpeed Web Server Source Code Information Disclosure Vulnerability
- IBM WebSphere Application Multiple Vulnerabilities Jul-11