Detections
Analytics

IBM Lotus Domino ?ReadDesign Request Design Element Disclosure

medium Nessus Plugin ID 12249

Language:

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The remote web server allows an attacker to view an XML list of design elements by sending a specially crafted HTTP request to the remote Lotus Domino server:

http://[target]/names.nsf/view?ReadDesign

Solution

As a workaround, an administrator can create a server redirection document that will redirect incoming URLs with 'ReadDesign' to a custom error page (e.g., /CustomError).

See Also

http://www.nessus.org/u?06bb48db

Plugin Details

Severity: Medium

ID: 12249

File Name: readdesigncheck.nasl

Version: 1.21

Type: remote

Family: Web Servers

Published: 5/26/2004

Updated: 3/10/2020

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the limited information available

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual