Signature Detail
Short Name |
HTTP:STC:NOTES-INI |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Lotus Notes notes.ini Redirection |
Release Date |
2004/06/30 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Lotus Notes notes.ini Redirection
This signature detects URL links to an external notes.ini file (the configuration file for a Lotus Notes client). Lotus Notes Domino Server versions 6.0.x and 6.5.x are vulnerable. Because a Lotus Notes client enables users to specify a configuration file, attackers can entice potential targets to use a malicious file provided in a Web page or email message.
Extended Description
A vulnerability is reported to affect the way Lotus Notes URIs are handled. The vulnerability exists due to a lack of sufficient input validation performed on Lotus Notes URIs. By controlling influencing notes.ini content, it is possible for a remote attacker to execute arbitrary code. Code execution will occur in the context of the user who is running the vulnerable instance of Lotus Notes. It should be noted that this issue is not present in Lotus Notes R5 or 4.6x.
Affected Products
- IBM Lotus Notes 5.0.12
- IBM Lotus Notes 6.0.0
- IBM Lotus Notes 6.0.1
- IBM Lotus Notes 6.0.2
- IBM Lotus Notes 6.0.3
- IBM Lotus Notes 6.5.0
- IBM Lotus Notes 6.5.1
References