CVE-2001-1567

critical

Description

Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.

References

http://www.securityfocus.com/bid/4022

http://www.nextgenss.com/papers/hpldws.pdf

http://www.iss.net/security_center/static/8072.php

http://marc.info/?l=bugtraq&m=101286525008089&w=2

http://marc.info/?l=bugtraq&m=101285903120879&w=2

http://marc.info/?l=bugtraq&m=101284222932568&w=2

Details

Source: Mitre, NVD

Published: 2001-12-31

Updated: 2016-10-18

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical