Vulnerability Note VU#984555

Default installations of the Lotus Domino web server disclose system information via HTTP headers

Overview

The default configuration of the Lotus Domino web server discloses system characteristics to anonymous remote users.

I. Description

The default configuration of the Lotus Domino web server discloses system information in the HTTP headers it returns to a web browser. If these headers are intercepted and viewed by a user browsing an affected Domino server, the headers will reveal the release version, build date, and operating system of the web server.
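A defender-side check for the disclosure described above, added here as an example and not part of the original note: it parses a captured response head and reports which of the three details (release version, build date, operating system) a banner header reveals. The sample responses, the `Example-Server` banner, the choice of the `Server` header and the regex heuristics are constructed assumptions; the note does not show the actual header text.

```python
import re

# Heuristic patterns for the three details the note lists. The note does not
# show the header layout, so these are assumptions, not Domino's exact format.
CHECKS = {
    "release version": re.compile(r"\b\d+\.\d+(?:\.\d+)*[a-z]?\b", re.I),
    "build date": re.compile(
        r"\b\d{4}-\d{2}-\d{2}\b|\b\d{1,2}[- ](?:jan|feb|mar|apr|may|jun|jul|aug"
        r"|sep|oct|nov|dec)[a-z]*[- ]\d{4}\b", re.I),
    "operating system": re.compile(
        r"\b(?:windows|winnt|linux|solaris|sunos|aix|hp-ux|os/2|os/400)\b", re.I),
}

def parse_headers(raw):
    """Return [(name, value)] from a raw response head, unfolding continuation lines."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:          # skip the status line
        if line[:1] in (" ", "\t") and headers:  # folded continuation of previous header
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers

def audit(raw, banner_headers=("server",)):
    """Map each banner header to the sorted list of detail types it discloses."""
    findings = {}
    for name, value in parse_headers(raw):
        if name.lower() not in banner_headers:
            continue  # Date, Last-Modified etc. carry dates by design
        hits = sorted(label for label, rx in CHECKS.items() if rx.search(value))
        if hits:
            findings[name] = hits
    return findings

# Constructed sample responses (not captured from a real server).
SAMPLE_DEFAULT = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Example-Server/Release-5.0.8 (Build 2001-06-12; Windows NT/Intel)\r\n"
    "Date: Thu, 20 Sep 2001 12:00:00 GMT\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>")
SAMPLE_REDUCED = "HTTP/1.1 200 OK\r\nServer: Example-Server\r\n\r\n"

if __name__ == "__main__":
    print(audit(SAMPLE_DEFAULT))
    print(audit(SAMPLE_REDUCED))
```
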

II. Impact

This vulnerability presents an information leak that allows an attacker to identify system characteristics.

III. Solution

Apply a patch from your vendor

Lotus has released a patch that addresses this vulnerability; for further information, please see the Systems Affected section of this document.

Systems Affected

Vendor    Status    Date Notified    Date Updated
Lotus    Vulnerable    20-Sep-2001

References

http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=AWHN4A8QWM

Credit

This vulnerability was reported to the Bugtraq mailing list on September 19, 2001.

This document was written by Jeffrey P. Lanza.

Other Information

Date Public: 2000-06-14
Date First Published: 2001-09-20
Date Last Updated: 2002-01-10
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Severity Metric: 0.23
Document Revision: 7

Copyright 2001 Carnegie Mellon University