Lotus Notes ?OpenServer Information Disclosure Network Vulnerability

Summary

A default behavior of Lotus Notes allows remote users to enumerate existing databases on a remote Domino (Lotus Notes) server. This information is considered sensitive, since it might reveal versions, logs, statistics, etc.

Solution

To disable this behavior open names.nsf and edit the Servers document in the Server view. From the Internet Protocols tab set 'Allow HTTP Clients to browse databases' to No. This command doesn't affect a single database - it is a server-wide issue. Additional information: http://www.securiteam.com/securitynews/6W0030U35W.html http://online.securityfocus.com/archive/1/223810

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

IBM WebSphere Application Server (WAS) Security Bypass Vulnerability
IBM WebSphere Application Server (WAS) Cross-site Scripting Vulnerability
Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
F*EX (Frams's Fast File EXchange) Multiple XSS Vulnerabilities
jHTTPd Directory Traversal Vulnerability

Take action and discover your vulnerabilities