Lotus Domino标语信息泄露漏洞

漏洞信息详情

Lotus Domino标语信息泄露漏洞

• CNNVD编号：CNNVD-200207-102
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-0408
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2002-07-26
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  lotus
• 漏洞来源：
  Discovered by Nico…

Lotus Domino server 5.0.9a版本及之前版本的htcgibin.exe在配置NoBanner设置时存在漏洞。远程攻击者可以借助产生HTTP 500出错代码的请求确定服务器的版本号，该漏洞在硬编码的出错消息中泄露了版本。

This issue has been addressed in versions 5.09a and later. Those affected are advised to upgrade.
Lotus Domino 5.0

• IBM Lotus Domino 5.0.10
  
  http://www.notes.net/qmrdown.nsf

Lotus Domino 5.0.1

• IBM Lotus Domino 5.0.10
  
  http://www.notes.net/qmrdown.nsf

Lotus Domino 5.0.2

• IBM Lotus Domino 5.0.10
  
  http://www.notes.net/qmrdown.nsf

Lotus Domino 5.0.3

• IBM Lotus Domino 5.0.10
  
  http://www.notes.net/qmrdown.nsf

Lotus Domino 5.0.4 a

• IBM Lotus Domino 5.0.10
  
  http://www.notes.net/qmrdown.nsf

Lotus Domino 5.0.4

• IBM Lotus Domino 5.0.10
  
  http://www.notes.net/qmrdown.nsf

Lotus Domino 5.0.5

• IBM Lotus Domino 5.0.10
  
  http://www.notes.net/qmrdown.nsf

Lotus Domino 5.0.6

• IBM Lotus Domino 5.0.10
  
  http://www.notes.net/qmrdown.nsf

Lotus Domino 5.0.6 a

• IBM Lotus Domino 5.0.10
  
  http://www.notes.net/qmrdown.nsf

Lotus Domino 5.0.7

• IBM Lotus Domino 5.0.10
  
  http://www.notes.net/qmrdown.nsf

Lotus Domino 5.0.7 a

• IBM Lotus Domino 5.0.10
  
  http://www.notes.net/qmrdown.nsf

Lotus Domino 5.0.8

• IBM Lotus Domino 5.0.10
  
  http://www.notes.net/qmrdown.nsf

Lotus Domino 5.0.9

• IBM Lotus Domino 5.0.10
  
  http://www.notes.net/qmrdown.nsf

来源: BID
名称: 4049
链接:http://www.securityfocus.com/bid/4049

来源: BUGTRAQ
名称: 20020303 Re: KPMG-2002006: Lotus Domino Physical Path Revealed
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101785616526383&w=2

来源: BUGTRAQ
名称: 20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101310812804716&w=2