Summary
This script determines if some default databases can be read remotely.
An anonymous user can retrieve information from this Lotus Domino server: users, databases, configuration of servers (including operating system and hard
disk partitioning), and logs of user access (which could expose sensitive data if HTML forms using GET are used).
These issues are discussed in 'Lotus White Paper:
A Guide to Developing Secure Domino Applications' (December 1999): http://www.lotus.com/developers/devbase.nsf/articles/doc1999112200
Solution
Verify all the ACLs for these databases and remove those not needed.
# This really could be high if, for example some
# sensitive data, but some databases do not give
# much information. Make separate tests for each?
Severity
Classification
CVE: CVE-2000-0021, CVE-2002-0664
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities