IBM Lotus Domino Administration Databases Anonymous Access

This script is Copyright (C) 2001-2016 Javier Fernandez-Sanguino Pena


Synopsis :

The remote service is affected by information disclosure
vulnerabilities.

Description :

The remote Lotus Domino server allows an anonymous user to access
sensitive information such as users, databases, server configuration
(including operating system and hard disk partitioning), and user
access logs (which could expose sensitive data if HTML forms are
submitted with GET).

See also :

http://www.nessus.org/u?f7d0660f
http://www-1.ibm.com/support/docview.wss?uid=swg27002555
http://seclists.org/bugtraq/2002/Sep/51

Solution :

Verify all of the ACLs for the available databases and remove those
that are not needed.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 10629 (domino_default_db.nasl)

Bugtraq ID: 5101

CVE ID: CVE-2002-0664
