Vulnerability   
Search   
    Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.10057
Category:Remote file access
Title:Lotus Domino ?open Vulnerability
Summary:NOSUMMARY
Description:Description:
It is possible to browse the
remote web server directories by appending ?open
at the end of the URL. Like :

http://www.example.com/?open


Data that can be accessed by unauthorized users
may include: usernames, server names and IP addresses,
dial-up server phone numbers, administration logs, files
names, and data files (including credit card information,
proprietary corporate data, and other information stored in
eCommerce related databases.) In some instances, it may
be possible for an unauthorized user to modify these files
or perform server administration functions via the web
administration interface.

Reference : http://online.securityfocus.com/archive/1/10820

Solution :
Disable the database browsing. To do this :
1. From the Domino Administrator, click the
Configuration tab, and open the Server
document,
2. Click the Internet Protocols - HTTP tab,
3. In the 'Allow HTTP clients to browse databases'
field, choose No,
4. Save the document.

Risk factor : High

CopyrightThis script is Copyright (C) 1999 Renaud Deraison

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.