IBM Lotus Domino Server Crafted .nsf Request Traversal Arbitrary File Access

Medium Nessus Plugin ID 12248


The remote web server is susceptible to a directory traversal attack.


Using a specially crafted request URL containing '.nsf/..', the installed version of Lotus Domino on the remote host can be abused to reveal the contents of arbitrary files on the server.


Upgrade to version 5.0.6a or higher.

Plugin Details

Severity: Medium

ID: 12248

File Name: notesinicheck.nasl

Version: $Revision: 1.13 $

Type: remote

Family: Web Servers

Published: 2004/05/25

Modified: 2016/10/27

Dependencies: 10107

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:W/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2001/01/05

Reference Information

CVE: CVE-2001-0009

BID: 2173

OSVDB: 1703