vendor:
Lotus Domino
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Lotus Domino
Affected Version From: 6.5.2001
Affected Version To: 6.5.2001
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
Lotus Domino Directory Traversal Vulnerability
It has been reported that Lotus Domino may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. The issue reportedly exists in the server's administrative interface accessed via 'webadmin.nsf'. The vulnerability may be exploited by a remote attacker by traversing outside the server root directory by using '../' directory traversal character sequences. Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive information and/or modify the underlying file system.
Mitigation:
Ensure that the server is running the latest version of Lotus Domino and that all security patches have been applied.
