IBM Lotus Domino Crafted .nsf Request Authentication Bypass

medium Nessus Plugin ID 10953

Synopsis

A web application on the remote host has an authentication bypass vulnerability.

Description

By creating a specially crafted URL, the authentication mechanism of the Domino database can be circumvented. These URLs look like:

http://host.com/<databasename>.ntf<buff>.nsf/

in which <buff> has a certain length.
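
A defender's check for this request shape, as an added example (not part of the Nessus plugin or the referenced advisories): the Python below scans web access log lines for a path segment of the form <databasename>.ntf<buff>.nsf. The Common Log Format input, the function names and the sample padding are assumptions; the page does not say what <buff> contains or how long it is, so any non-empty padding is flagged.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# One path segment shaped like <databasename>.ntf<buff>.nsf, any case.
CRAFTED_RE = re.compile(r"/(?P<db>[^/]+?)\.ntf(?P<buff>[^/]+)\.nsf(?:/|$)",
                        re.IGNORECASE)

def decode_path(target, max_rounds=3):
    """Drop the query string and undo (possibly nested) percent-encoding."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def find_crafted_requests(log_lines):
    """Return (line_no, database_name, buff_length) for each suspicious request."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        request = REQUEST_RE.search(line)
        if not request:
            continue
        match = CRAFTED_RE.search(decode_path(request.group("target")))
        if match:
            hits.append((line_no, match.group("db"), len(match.group("buff"))))
    return hits

# Constructed sample log lines; the "A" padding is a placeholder, not the real <buff>.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Feb/2002:10:00:00 +0000] "GET /names.nsf HTTP/1.0" 401 210',
    '192.0.2.10 - - [03/Feb/2002:10:00:01 +0000] "GET /names.ntfAAAAAAAA.nsf/ HTTP/1.0" 200 5120',
    '192.0.2.11 - - [03/Feb/2002:10:00:02 +0000] "GET /mail/user1%2EntfAAAAAAAAAAAA%2Ensf/ HTTP/1.0" 200 900',
    '192.0.2.12 - - [03/Feb/2002:10:00:03 +0000] "GET /pubnames.ntf HTTP/1.0" 401 210',
    '192.0.2.12 - - [03/Feb/2002:10:00:04 +0000] "GET /help/help5.nsf/about.ntf HTTP/1.0" 200 80',
]

if __name__ == "__main__":
    for line_no, db, buff_len in find_crafted_requests(SAMPLE_LOG):
        print(f"line {line_no}: database={db!r} padding_length={buff_len}")
```

A hit with a 200 response, next to a 401 for the plain .nsf name of the same database, is the combination worth investigating first.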

Solution

Upgrade to the latest version of Domino.

See Also

https://seclists.org/bugtraq/2002/Feb/30

https://seclists.org/bugtraq/2002/Feb/33

Plugin Details

Severity: Medium

ID: 10953

File Name: domino_authentication_bypass.nasl

Version: 1.35

Type: remote

Family: Web Servers

Published: 5/12/2002

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:ibm:lotus_domino

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/3/2002

Reference Information

CVE: CVE-2001-1567

BID: 4022