Page 2 of 9 results (0.004 seconds)

CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 4

Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner. • https://www.exploit-db.com/exploits/21996 http://www.iss.net/security_center/static/10557.php http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2 http://www.securityfocus.com/bid/6128 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://www.iss.net/security_center/static/8160.php http://www.securityfocus.com/archive/1/265380 http://www.securityfocus.com/bid/4406 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://marc.info/?l=bugtraq&m=101785616526383&w=2 http://www.securityfocus.com/bid/4049 •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message. El servidor 5.0.8 de Lotus Domino con NoBanner habilitado permite que atacantes remotos (1) conozcan el path físico del servidor por medio de una petición de un fichero no existente con una estensión .pl (Perl), lo cual hace que se muestre el path absoluto en el mensaje de error, o (2) hagan cualquier petición que cause el error 500 de HTTP, lo cual lleva a que aparezca el nombre de la versión del servidor en el mensaje de error HTTP. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F http://www.iss.net/security_center/static/8160.php http://www.securityfocus.com/bid/4049 •