This script is Copyright (C) 1999-2013 Tenable Network Security, Inc.
Databases can be browsed on the remote web server.
It is possible to browse the remote web server directories by
appending '?open' to the end of the URL. For example :
Data that can be accessed by unauthorized users may include usernames,
server names and IP addresses, dial-up server phone numbers,
administration logs, file names, and data files (including credit
card information, proprietary corporate data, and other information
stored in eCommerce-related databases). In some instances, it may be
possible for an unauthorized user to modify these files or perform
server administration functions via the web administration interface.
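A log check for the request pattern described above, as an added example (not part of the Nessus plugin or Tenable's code). It assumes the web server writes access logs in common/combined log format; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Common/combined log format: client ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2013:10:01:22 +0000] "GET /?open HTTP/1.1" 200 5120',
    '192.0.2.10 - - [12/Mar/2013:10:01:30 +0000] "GET /mail/?Open HTTP/1.1" 200 2048',
    '198.51.100.7 - - [12/Mar/2013:10:05:00 +0000] "GET /?OPEN HTTP/1.1" 403 310',
    '198.51.100.7 - - [12/Mar/2013:10:05:09 +0000] "GET /app.nsf/view?OpenView HTTP/1.1" 200 900',
    '203.0.113.5 - - [12/Mar/2013:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 100',
]

def is_browse_request(target):
    """True for a directory path carrying a bare '?open' query (any letter case).

    Assumption: only paths ending in '/' count as directory browsing, so
    ordinary Domino commands such as '?OpenView' on a database are ignored.
    """
    parts = urlsplit(target)
    return parts.query.lower() == "open" and parts.path.endswith("/")

def find_browsing(lines):
    """Map each client to the (path, status) pairs of its '?open' directory requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_browse_request(m.group("target")):
            continue
        path = urlsplit(m.group("target")).path
        hits[m.group("client")].append((path, int(m.group("status"))))
    return dict(hits)

def served(hits):
    """Clients that received HTTP 200 for at least one browse request."""
    return sorted(c for c, reqs in hits.items() if any(s == 200 for _, s in reqs))

if __name__ == "__main__":
    found = find_browsing(SAMPLE_LOG)
    for client, reqs in found.items():
        print(client, reqs)
    print("answered with 200:", served(found))
```

Clients listed by `served` received a 200 response to a browse request and are the ones to review first; the remaining hits are attempts that got a different status.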
See also :
Disable database browsing. To do this :
1. From the Domino Administrator, select the Configuration tab, and
open the Server document.
2. Select the Internet Protocols - HTTP tab.
3. In the 'Allow HTTP clients to browse databases' field, choose No.
4. Save the document.
Risk factor :
Medium / CVSS Base Score : 6.8
Family: Web Servers
Nessus Plugin ID: 10057 (domino.nasl)