IBM Lotus Domino ?ReadDesign Request Design Element Disclosure

medium Nessus Plugin ID 12249

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The remote web server allows an attacker to view an XML list of design elements by sending a specially crafted HTTP request to the remote Lotus Domino server:

http://[target]/names.nsf/view?ReadDesign

Solution

As a workaround, an administrator can create a server redirection document that will redirect incoming URLs with 'ReadDesign' to a custom error page (e.g., /CustomError).
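To check whether the workaround is in effect, web access logs can be reviewed for ReadDesign requests and the status each one received. The script below is an added example, not part of the Nessus plugin or of Domino; the NCSA common-style log layout, the sample lines, and the function and label names are constructed assumptions, as is the premise that a working redirect appears as a non-2xx status.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (NCSA common-style); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Mar/2020:10:00:01 +0000] "GET /names.nsf/view?ReadDesign HTTP/1.1" 200 5120
192.0.2.10 - - [10/Mar/2020:10:00:05 +0000] "GET /names.nsf/view?OpenView HTTP/1.1" 200 2048
198.51.100.7 - - [10/Mar/2020:10:02:11 +0000] "GET /names.nsf/view?%52eadDesign HTTP/1.1" 302 0
198.51.100.7 - - [10/Mar/2020:10:02:12 +0000] "GET /CustomError HTTP/1.1" 200 310
203.0.113.4 - - [10/Mar/2020:10:05:40 +0000] "GET /help.nsf/readdesign-notes.html HTTP/1.1" 200 900
this line is malformed and must be skipped
"""

# client, identd, user, [timestamp], "METHOD target protocol", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})\b')
# ReadDesign used as the URL command, i.e. directly after the '?'.
# Matched case-insensitively to be conservative.
CMD_RE = re.compile(r'\?readdesign(?:&|$)', re.IGNORECASE)


def find_readdesign(log_text):
    """Return (client, decoded_target, status, outcome) for each ReadDesign request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of failing
        client, _method, target, status = m.groups()
        decoded = unquote(target)  # normalise percent-encoding before matching
        if not CMD_RE.search(decoded):
            continue
        code = int(status)
        # Assumption: 2xx means the design XML was returned; any other status
        # means the request was redirected or refused.
        outcome = "served" if 200 <= code < 300 else "redirected_or_denied"
        hits.append((client, decoded, code, outcome))
    return hits


if __name__ == "__main__":
    for client, target, code, outcome in find_readdesign(SAMPLE_LOG):
        print(f"{client} {target} {code} {outcome}")
```

Any hit reported as "served" after the redirection document has been deployed indicates the rule is not matching that request.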

See Also

http://www.nessus.org/u?06bb48db

Plugin Details

Severity: Medium

ID: 12249

File Name: readdesigncheck.nasl

Version: 1.21

Type: remote

Family: Web Servers

Published: 5/26/2004

Updated: 3/10/2020

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the limited information available

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual