Signature Detail
Short Name |
HTTP:DOMINO:CSP-SRC-DISCLOSURE |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
lotus domino csp source disclosure |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Lotus Domino CSP Source Code Disclosure
This signature detects attempts to exploit a known vulnerability in Lotus Domino Web server. Lotus Domino versions 5 and 6 are vulnerable. Attackers can append characters to the end of the path in a URL request to the Web server daemon to return the source code of a Crystal Reports script (.csp). Attackers can use variations of this exploit to read the source code of other file types that the Web server daemon normally executes.
Extended Description
Remote attackers could exploit this vulnerability to obtain confidential information, such as user accounts, from a vulnerable server.
References