HTTP_LOTUS_DOMINO_TRAVERSAL_EXPLOIT
Gravedad: Crítico
Fecha recomendada: 04 de febrero de 2011
Descripción
Lotus Domino 5.0.6 or lower versions has a vulnerability wherein a remote user can gain access to a known file residing in the server. A specially crafted request can be sent to access a known filename which will display the content of the file with read permission. This could enable a remote attacker to gain access to systems files, password files, etc, that could lead to a complete compromise of the host.
Revelación de la información
Users of Trend Micro PC-cillin Internet Security and Network VirusWall can detect this exploit at the network layer with Network Virus Pattern (NVP) 10173 or later.
Download the latest NVW pattern file from the following site:
http://www.trendmicro.com/download/product.asp?productid=45
Software y versión afectados
- Lotus Domino 5.0.6
- Lotus Domino 5.0.5
- Lotus Domino 5.0.3
- Lotus Domino 5.0.2