| Vulnerability Name: | CVE-2000-1117 (CCN-5565) | ||||||||
| Assigned: | 2000-11-24 | ||||||||
| Published: | 2000-11-24 | ||||||||
| Updated: | 2008-09-10 | ||||||||
| Summary: | The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: BUGTRAQ Type: UNKNOWN 20001124 Security Hole in ECL Feature of Java VM Embedded in Lotus Notes Client R5 Source: MITRE Type: CNA CVE-2000-1117 Source: CCN Type: Lotus Customer Support Technote #183400 Lotus Notes Client R5 File Existence Verification Vulnerability Source: CCN Type: US-CERT VU#959207 Lotus Notes Java VM leaks file existence through timing difference in ECLs Source: CCN Type: BugTraq Mailing List, Fri Nov 24 2000 22:26:50 Security Hole in ECL Feature of Java VM Embedded in Lotus Notes Client R5 Source: CCN Type: Lotus Notes.net Iris Today Staying Alert with Execution Control Lists Source: CCN Type: OSVDB ID: 10807 IBM Lotus Notes Client JVM ECL getSystemResource Method File Existence Disclosure Source: BID Type: Exploit, Vendor Advisory 1994 Source: CCN Type: BID-1994 Lotus Notes Client R5 File Existence Verification Vulnerability Source: XF Type: UNKNOWN lotus-notes-verify-files(5565) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||