By specifying its Replica ID, an attacker can successfully request the Web Administrator
database template from a Domino HTTP server. Access to this template allows an attacker
to learn information about the server, including the fully qualified Notes server name and
domain, the underlying operating system, and the exact version of Notes in use.
Using variants on the specially crafted URL, an attacker can read arbitrary files on the
server (including the server.id file and /etc/passwd) and can list all of the Notes
databases on the server. This is a very severe vulnerability that can lead to the
compromise of the server machine and of all Domino servers in your domain.