Vulnerability CVE-2002-0245 - CERT Civis.Net

Vulnerability Name:

CVE-2002-0245 (CCN-8160)

Assigned:

2002-02-07

Published:

2002-02-07

Updated:

2016-10-18

Summary:

Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: BugTraq Mailing List, Thu Feb 07 2002 - 11:32:15 CST
Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service

Source: CCN
Type: BugTraq Mailing List, Tue Apr 02 2002 - 08:18:06 CST
KPMG-2002006: Lotus Domino Physical Path Revealed

Source: CCN
Type: BugTraq Mailing List, Sun Mar 03 2002 - 06:01:01 CST
Re: KPMG-2002006: Lotus Domino Physical Path Revealed

Source: MITRE
Type: CNA
CVE-2002-0245

Source: BUGTRAQ
Type: UNKNOWN
20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service

Source: CONFIRM
Type: UNKNOWN
http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F

Source: XF
Type: Patch, Vendor Advisory
lotus-domino-reveal-information(8160)

Source: CCN
Type: OSVDB ID: 15453
IBM Lotus Domino htcgibin.exe HTTP 500 Error Server Version Disclosure

Source: CCN
Type: OSVDB ID: 828
IBM Lotus Domino Nonexistent .pl File Path Disclosure

Source: BID
Type: UNKNOWN
4049

Source: CCN
Type: BID-4049
Lotus Domino Banner Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
lotus-domino-reveal-information(8160)

Vulnerable Configuration:

Configuration 1:

cpe:/a:lotus:domino:5.0:*:*:*:*:*:*:*

OR cpe:/a:lotus:domino:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:lotus:domino:5.0.2:*:*:*:*:*:*:*

OR cpe:/a:lotus:domino:5.0.3:*:*:*:*:*:*:*

OR cpe:/a:lotus:domino:5.0.4:*:*:*:*:*:*:*

OR cpe:/a:lotus:domino:5.0.4a:*:*:*:*:*:*:*

OR cpe:/a:lotus:domino:5.0.5:*:*:*:*:*:*:*

OR cpe:/a:lotus:domino:5.0.6:*:*:*:*:*:*:*

OR cpe:/a:lotus:domino:5.0.6a:*:*:*:*:*:*:*

OR cpe:/a:lotus:domino:5.0.7:*:*:*:*:*:*:*

OR cpe:/a:lotus:domino:5.0.7a:*:*:*:*:*:*:*

OR cpe:/a:lotus:domino:5.0.8:*:*:*:*:*:*:*

OR cpe:/a:lotus:domino:5.0.9:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:lotus_domino:5.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:lotus_domino:5.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*

OR cpe:/a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*

OR cpe:/a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*

Denotes that component is vulnerable