Short Name |
HTTP:DOMINO:CSP-SRC-DISCLOSURE |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Lotus Domino CSP Source Code Disclosure |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in Lotus Domino Web server. Lotus Domino versions 5 and 6 are vulnerable. Attackers can append characters to the end of the path in a URL request to the Web server daemon to return the source code of a Crystal Reports script (.csp). Attackers can use variations of this exploit to read the source code of other file types that the Web server daemon normally executes.
Remote attackers could exploit this vulnerability to obtain confidential information, such as user accounts, from a vulnerable server.