Vulnerability Note VU#984555

Default installations of the Lotus Domino web server disclose system information via HTTP headers

Overview

The default configuration of the Lotus Domino web server discloses system characteristics to anonymous remote users.

I. Description

The default configuration of the Lotus Domino web server discloses system information in the HTTP headers it returns to a web browser. If these headers are intercepted and viewed by a user browsing an affected Domino server, the headers will reveal the release version, build date, and operating system of the web server.
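As an added example (not part of the original note, and not Lotus or CERT code), the following Python check parses a raw HTTP response and reports header values that reveal a release version, build date, or operating system, so an administrator can audit their own server's responses. The sample responses, the `Example-Server` banner layout, and the function name `disclosures` are constructed for illustration and do not reproduce actual Domino output.

```python
import re

# What the note says the headers leak: release version, build date, OS.
PATTERNS = {
    "release version": re.compile(r"\b\d+\.\d+(?:\.\d+)*\b"),
    "build date": re.compile(r"\b\d{4}-\d{2}-\d{2}\b"),
    "operating system": re.compile(
        r"\b(?:Windows(?: NT)?|Linux|Solaris|AIX|HP-UX|OS/2|OS/400)\b", re.I),
}
# Headers that legitimately carry timestamps and would be false positives.
SKIP = {"date", "last-modified", "expires"}

# Constructed sample responses (assumed layout, not captured from a server).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Example-Server/5.0.8 (Build 2001-06-18; Windows NT/Intel)\r\n"
    "Date: Thu, 20 Sep 2001 18:51:56 GMT\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<html></html>"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Example-Server\r\n"
    "Date: Thu, 10 Jan 2002 09:00:00 GMT\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<html></html>"
)

def disclosures(raw_response):
    """Return (header, kind, matched text) for each header value that leaks."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    findings = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        name = name.strip()
        if name.lower() in SKIP:
            continue
        for kind, pattern in PATTERNS.items():
            match = pattern.search(value)
            if match:
                findings.append((name, kind, match.group(0)))
    return findings

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, disclosures(raw) or "no disclosure found")
```
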

II. Impact

This vulnerability presents an information leak that allows an attacker to identify system characteristics.

III. Solution

Apply a patch from your vendor

Lotus has released a patch that addresses this vulnerability; for further information, please see the Systems Affected section of this document.

Systems Affected

Vendor    Status        Date Updated
Lotus     Vulnerable    20-Sep-2001

References


http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=AWHN4A8QWM

Credit

This vulnerability was reported to the Bugtraq mailing list on September 19, 2001.

This document was written by Jeffrey P. Lanza.

Other Information

Date Public: 06/14/2000
Date First Published: 09/20/2001 06:51:56 PM
Date Last Updated: 01/10/2002
CERT Advisory:
CVE Name:
Metric: 0.23
Document Revision: 7

Copyright 2001 Carnegie Mellon University