Rapid7 Vulnerability & Exploit Database

Lotus Notes/Domino /.nsf Directory Traversal

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 02/12/2001
Created: 07/25/2018
Added: 11/01/2004
Modified: 12/04/2013

Description

The HTTP service in Lotus Domino 5 through release 5.0.6 allows files to be read from the file system. If the location of a file is known and the file is on the same disk as the Domino installation, URLs such as the following can be used to access it:

http://domino-server/.nsf/../winnt/win.ini

Solution(s)

  • lotus-domino-upgrade-r5-5_0_6a
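
The request shape shown in the description can be searched for in HTTP access logs. The following is an added example, not part of this database entry or of any vendor tooling; it assumes Common Log Format lines, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def decode_path(target, rounds=3):
    """Strip the query string, then percent-decode repeatedly so the check
    runs on the path as the server would finally interpret it."""
    path = target.split("?", 1)[0]
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def is_nsf_traversal(target):
    """True when a '..' segment follows a segment ending in '.nsf',
    the shape of the URL shown in the description."""
    segments = [s for s in decode_path(target).split("/") if s]
    seen_nsf = False
    for seg in segments:
        if seg.lower().endswith(".nsf"):
            seen_nsf = True
        elif seg == ".." and seen_nsf:
            return True
    return False

def flag_requests(log_lines):
    """Return (line_number, target) for each log line whose request matches."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_nsf_traversal(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Feb/2001:10:00:01 +0000] "GET /names.nsf?OpenDatabase HTTP/1.0" 200 5120',
    '192.0.2.44 - - [12/Feb/2001:10:00:07 +0000] "GET /.nsf/../winnt/win.ini HTTP/1.0" 200 477',
    '192.0.2.10 - - [12/Feb/2001:10:00:15 +0000] "GET /help/../index.html HTTP/1.0" 200 812',
]

if __name__ == "__main__":
    for number, target in flag_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A hit only shows that a matching request was received; whether a file was returned depends on the response status and on the server's release level.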
