IBM Lotus Domino Administration Databases Anonymous Access

This script is Copyright (C) 2001-2015 Javier Fernandez-Sanguino Pena

Synopsis :

The remote service is affected by information disclosure

Description :

The remote Lotus Domino server allows an anonymous user to access
sensitive information such as users, databases, configuration of
servers (including operating system and hard disk partitioning),
and logs of access to users (which could expose sensitive data if
GET html forms are used).

See also :

Solution :

Verify all of the ACLs for the available databases and remove those
that are not needed.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 10629 (domino_default_db.nasl)

Bugtraq ID: 5101

CVE ID: CVE-2002-0664