Juniper Networks

Signature Detail


Short Name: HTTP:DOMINO:NSF-PASSWORD-BYPASS
Severity: Medium
Recommended: No
Category: HTTP
Keywords: Lotus Domino .nsf Password Bypass
Release Date: 2003/04/22
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Lotus Domino .nsf Password Bypass


This signature detects attempts to exploit a known vulnerability in Lotus Domino Web Server 5.0.8. Attackers can send a malformed URL to the daemon to bypass password protection on internal databases and obtain sensitive information that is normally restricted to administrator access.

Extended Description

Lotus Domino Server is an application framework for web-based collaborative software. It runs on multiple platforms, including Windows and Unix. Database files (.nsf) may be protected with a password under Domino. If a remote request for the file is submitted with a maliciously constructed filename of the correct length, the authentication process may be bypassed. There have been multiple reports that this is a known issue and that it only allows the remote user to access template (.ntf) files. There have been reports that this issue is fixed in Domino 5.0.9.

Affected Products

  • Lotus Domino 5.0.0
  • Lotus Domino 5.0.1
  • Lotus Domino 5.0.2
  • Lotus Domino 5.0.3
  • Lotus Domino 5.0.4
  • Lotus Domino 5.0.5
  • Lotus Domino 5.0.6
  • Lotus Domino 5.0.7
  • Lotus Domino 5.0.7 a
  • Lotus Domino 5.0.8

References

  • BugTraq: 4022
  • CVE: CVE-2001-1567
  • URL: http://www.securityfocus.com/archive/1/223812
  • URL: http://www.nextgenss.com/papers/hpldws.pdf
  • URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2001-1567

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.