Back to search
CVE-2002-0407
Published: Jun 11, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20020402 KPMG-2002006: Lotus Domino Physical Path Revealed
mailing-list
x_refsource_BUGTRAQ
20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service
mailing-list
x_refsource_BUGTRAQ
4406
vdb-entry
x_refsource_BID
lotus-domino-reveal-information(8160)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now