Lotus Domino ?open Forced Directory Listing

2001-10-21T00:00:00
ID: OSVDB:49
Type: osvdb
Reporter: OSVDB
Modified: 2001-10-21T00:00:00

Description

Vulnerability Description

Lotus Domino contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a user attempts to browse a directory: the server discloses the names and locations of the Notes databases, resulting in a loss of confidentiality.

Technical Description

This is a feature of Lotus Domino that should be turned OFF. It is OFF by default in versions of Lotus Domino later than 5.0.9, but it could be turned on through administrator action.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw with the following workaround: in the Domino Administrator, set "Allow HTTP clients to browse databases" to NO.

References:

Vendor URL: http://www.lotus.com/
Vendor Specific Solution URL: http://www-10.lotus.com/ldd/today.nsf/lookup/Open_Server_agent
Nessus Plugin ID: 10057
ISS X-Force ID: 10427
Generic Informational URL: http://www-10.lotus.com/ldd/today.nsf/lookup/security_overview
Generic Informational URL: http://www.nextgenss.com/papers/hpldws.pdf
Generic Informational URL: http://www-1.ibm.com/support/docview.wss?uid=sim261fe79432dcd724f85256cc300008d92