IBM Lotus Domino Directory Traversal Arbitrary File Access

Medium Nessus Plugin ID 11344


Arbitrary files may be read on the remote host.


It is possible to read arbitrary files on the remote server by prepending %00%00.nsf/../ to the name of the requested file.


Upgrade to a newer version.

Plugin Details

Severity: Medium

ID: 11344

File Name: domino_traversal.nasl

Version: 1.22

Type: remote

Family: Web Servers

Published: 2003/03/10

Modified: 2015/01/22

Dependencies: 10107, 11919, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:W/RC:ND

Vulnerability Information

CPE: cpe:/a:ibm:lotus_domino

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2001/01/05

Reference Information

CVE: CVE-2001-0009

BID: 2173

OSVDB: 1703