CVE-2003-1408
https://notcve.org/view.php?id=CVE-2003-1408
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. • http://www.securityfocus.com/archive/1/311660 http://www.securityfocus.com/archive/1/311806 http://www.securityfocus.com/bid/6841 https://exchange.xforce.ibmcloud.com/vulnerabilities/11311 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2002-0407
https://notcve.org/view.php?id=CVE-2002-0407
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://www.iss.net/security_center/static/8160.php http://www.securityfocus.com/archive/1/265380 http://www.securityfocus.com/bid/4406 •
CVE-2002-0408
https://notcve.org/view.php?id=CVE-2002-0408
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://marc.info/?l=bugtraq&m=101785616526383&w=2 http://www.securityfocus.com/bid/4049 •
CVE-2002-0245
https://notcve.org/view.php?id=CVE-2002-0245
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message. El servidor 5.0.8 de Lotus Domino con NoBanner habilitado permite que atacantes remotos (1) conozcan el path físico del servidor por medio de una petición de un fichero no existente con una estensión .pl (Perl), lo cual hace que se muestre el path absoluto en el mensaje de error, o (2) hagan cualquier petición que cause el error 500 de HTTP, lo cual lleva a que aparezca el nombre de la versión del servidor en el mensaje de error HTTP. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F http://www.iss.net/security_center/static/8160.php http://www.securityfocus.com/bid/4049 •
CVE-2001-0846
https://notcve.org/view.php?id=CVE-2001-0846
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf). • http://marc.info/?l=bugtraq&m=100448721830960&w=2 http://www.iss.net/security_center/static/7424.php http://www.osvdb.org/1979 https://exchange.xforce.ibmcloud.com/vulnerabilities/7424 •