Vulnerabilites related to lotus - domino
CVE-2002-0087 (GCVE-0-2002-0087)
Vulnerability from cvelistv5
Published
2002-03-07 05:00
Modified
2024-08-08 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.esecurityonline.com/advisories/eSO4125.asp"
},
{
"name": "4318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4318"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21095671"
},
{
"name": "lotus-domino-tmpfile-symlink(8586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8586"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.esecurityonline.com/advisories/eSO4125.asp"
},
{
"name": "4318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4318"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21095671"
},
{
"name": "lotus-domino-tmpfile-symlink(8586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8586"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.esecurityonline.com/advisories/eSO4125.asp",
"refsource": "MISC",
"url": "http://www.esecurityonline.com/advisories/eSO4125.asp"
},
{
"name": "4318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4318"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21095671",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21095671"
},
{
"name": "lotus-domino-tmpfile-symlink(8586)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8586"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0087",
"datePublished": "2002-03-07T05:00:00",
"dateReserved": "2002-03-06T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0408 (GCVE-0-2002-0408)
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:49:27.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4049",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4049"
},
{
"name": "20020303 Re: KPMG-2002006: Lotus Domino Physical Path Revealed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101785616526383\u0026w=2"
},
{
"name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4049",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4049"
},
{
"name": "20020303 Re: KPMG-2002006: Lotus Domino Physical Path Revealed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101785616526383\u0026w=2"
},
{
"name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4049"
},
{
"name": "20020303 Re: KPMG-2002006: Lotus Domino Physical Path Revealed",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101785616526383\u0026w=2"
},
{
"name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0408",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:49:27.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1012 (GCVE-0-1999-1012)
Vulnerability from cvelistv5
Published
2001-09-12 04:00
Modified
2024-08-01 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/173"
},
{
"name": "19990504 AS/400",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/13527"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-22T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/173"
},
{
"name": "19990504 AS/400",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/13527"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/173"
},
{
"name": "19990504 AS/400",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/13527"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1012",
"datePublished": "2001-09-12T04:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0290 (GCVE-0-2011-0290)
Vulnerability from cvelistv5
Published
2011-10-21 10:00
Modified
2024-08-06 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:07.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46370"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.blackberry.com/btsc/KB28524"
},
{
"name": "50064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50064"
},
{
"name": "1026179",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1026179"
},
{
"name": "76286",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/76286"
},
{
"name": "bes-collaboration-service-spoofing(70519)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70519"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46370"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.blackberry.com/btsc/KB28524"
},
{
"name": "50064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50064"
},
{
"name": "1026179",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1026179"
},
{
"name": "76286",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/76286"
},
{
"name": "bes-collaboration-service-spoofing(70519)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70519"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46370"
},
{
"name": "http://www.blackberry.com/btsc/KB28524",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/KB28524"
},
{
"name": "50064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50064"
},
{
"name": "1026179",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026179"
},
{
"name": "76286",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/76286"
},
{
"name": "bes-collaboration-service-spoofing(70519)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70519"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0290",
"datePublished": "2011-10-21T10:00:00",
"dateReserved": "2011-01-06T00:00:00",
"dateUpdated": "2024-08-06T21:51:07.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0954 (GCVE-0-2001-0954)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:07.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lotus-domino-database-dos(7684)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7684"
},
{
"name": "20011207 Lotus Domino Web server vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100780146532131\u0026w=2L:1"
},
{
"name": "3656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3656"
},
{
"name": "2000",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2000"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/manager.wss?rs=1\u0026rt=0\u0026org=sims\u0026doc=255CC03D83CFF50C85256B1E005E349B"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-06T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "lotus-domino-database-dos(7684)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7684"
},
{
"name": "20011207 Lotus Domino Web server vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100780146532131\u0026w=2L:1"
},
{
"name": "3656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3656"
},
{
"name": "2000",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2000"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/manager.wss?rs=1\u0026rt=0\u0026org=sims\u0026doc=255CC03D83CFF50C85256B1E005E349B"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotus-domino-database-dos(7684)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7684"
},
{
"name": "20011207 Lotus Domino Web server vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100780146532131\u0026w=2L:1"
},
{
"name": "3656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3656"
},
{
"name": "2000",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2000"
},
{
"name": "http://www-1.ibm.com/support/manager.wss?rs=1\u0026rt=0\u0026org=sims\u0026doc=255CC03D83CFF50C85256B1E005E349B",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/manager.wss?rs=1\u0026rt=0\u0026org=sims\u0026doc=255CC03D83CFF50C85256B1E005E349B"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0954",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:07.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0846 (GCVE-0-2001-0846)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:06.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1979",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1979"
},
{
"name": "3491",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7424.php"
},
{
"name": "lotus-domino-replicaid-access(7424)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7424"
},
{
"name": "20011030 Lotus Domino Web Administrator Template ReplicaID Access (#NISR29102001A)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100448721830960\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-26T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1979",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1979"
},
{
"name": "3491",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.iss.net/security_center/static/7424.php"
},
{
"name": "lotus-domino-replicaid-access(7424)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7424"
},
{
"name": "20011030 Lotus Domino Web Administrator Template ReplicaID Access (#NISR29102001A)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100448721830960\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1979",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1979"
},
{
"name": "3491",
"refsource": "BID",
"url": "http://www.iss.net/security_center/static/7424.php"
},
{
"name": "lotus-domino-replicaid-access(7424)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7424"
},
{
"name": "20011030 Lotus Domino Web Administrator Template ReplicaID Access (#NISR29102001A)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100448721830960\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0846",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-11-22T00:00:00",
"dateUpdated": "2024-08-08T04:37:06.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0245 (GCVE-0-2002-0245)
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:28.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4049",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4049"
},
{
"name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/manager.wss?rs=1\u0026rt=0\u0026org=sims\u0026doc=07B32060E4CC97E985256B64005AEB0F"
},
{
"name": "lotus-domino-reveal-information(8160)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8160.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server\u0027s version name in the HTTP error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4049",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4049"
},
{
"name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/manager.wss?rs=1\u0026rt=0\u0026org=sims\u0026doc=07B32060E4CC97E985256B64005AEB0F"
},
{
"name": "lotus-domino-reveal-information(8160)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8160.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server\u0027s version name in the HTTP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4049"
},
{
"name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
},
{
"name": "http://www-1.ibm.com/support/manager.wss?rs=1\u0026rt=0\u0026org=sims\u0026doc=07B32060E4CC97E985256B64005AEB0F",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/manager.wss?rs=1\u0026rt=0\u0026org=sims\u0026doc=07B32060E4CC97E985256B64005AEB0F"
},
{
"name": "lotus-domino-reveal-information(8160)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8160.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0245",
"datePublished": "2002-05-03T04:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T02:42:28.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1018 (GCVE-0-2001-1018)
Vulnerability from cvelistv5
Published
2002-02-02 05:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:06.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010919 lotus domino server 5.08 is very gabby",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100094373621813\u0026w=2"
},
{
"name": "3350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3350"
},
{
"name": "lotus-domino-ip-reveal(7180)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010919 lotus domino server 5.08 is very gabby",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100094373621813\u0026w=2"
},
{
"name": "3350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3350"
},
{
"name": "lotus-domino-ip-reveal(7180)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7180"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010919 lotus domino server 5.08 is very gabby",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100094373621813\u0026w=2"
},
{
"name": "3350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3350"
},
{
"name": "lotus-domino-ip-reveal(7180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7180"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1018",
"datePublished": "2002-02-02T05:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:44:06.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0939 (GCVE-0-2001-0939)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:07.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3607",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/manager.wss?rs=0\u0026rt=0\u0026org=sims\u0026doc=4C8E450DBF2E7F1885256B200079FA88"
},
{
"name": "1998",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1998"
},
{
"name": "lotus-domino-nhttp-dos(7631)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7631"
},
{
"name": "20011130 Denial of Service in Lotus Domino 5.08 and earlier HTTP Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100715316426817\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3607",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/manager.wss?rs=0\u0026rt=0\u0026org=sims\u0026doc=4C8E450DBF2E7F1885256B200079FA88"
},
{
"name": "1998",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1998"
},
{
"name": "lotus-domino-nhttp-dos(7631)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7631"
},
{
"name": "20011130 Denial of Service in Lotus Domino 5.08 and earlier HTTP Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100715316426817\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3607"
},
{
"name": "http://www-1.ibm.com/support/manager.wss?rs=0\u0026rt=0\u0026org=sims\u0026doc=4C8E450DBF2E7F1885256B200079FA88",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/manager.wss?rs=0\u0026rt=0\u0026org=sims\u0026doc=4C8E450DBF2E7F1885256B200079FA88"
},
{
"name": "1998",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1998"
},
{
"name": "lotus-domino-nhttp-dos(7631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7631"
},
{
"name": "20011130 Denial of Service in Lotus Domino 5.08 and earlier HTTP Server",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100715316426817\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0939",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:07.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1203 (GCVE-0-2000-1203)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 05:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lotus-domino-bounced-message-dos(7012)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7012"
},
{
"name": "20010823 Lotus Domino DoS solution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/209754"
},
{
"name": "20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://marc.info/?l=vuln-dev\u0026m=95886062521327\u0026w=2"
},
{
"name": "3212",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3212"
},
{
"name": "20010820 Lotus Domino DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/cgi-bin/archive.pl?id=1\u0026start=2002-01-21\u0026end=2002-01-27\u0026mid=209116\u0026threads=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "lotus-domino-bounced-message-dos(7012)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7012"
},
{
"name": "20010823 Lotus Domino DoS solution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/209754"
},
{
"name": "20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://marc.info/?l=vuln-dev\u0026m=95886062521327\u0026w=2"
},
{
"name": "3212",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3212"
},
{
"name": "20010820 Lotus Domino DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/cgi-bin/archive.pl?id=1\u0026start=2002-01-21\u0026end=2002-01-27\u0026mid=209116\u0026threads=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotus-domino-bounced-message-dos(7012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7012"
},
{
"name": "20010823 Lotus Domino DoS solution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/209754"
},
{
"name": "20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev\u0026m=95886062521327\u0026w=2"
},
{
"name": "3212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3212"
},
{
"name": "20010820 Lotus Domino DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/cgi-bin/archive.pl?id=1\u0026start=2002-01-21\u0026end=2002-01-27\u0026mid=209116\u0026threads=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1203",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T05:45:37.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0407 (GCVE-0-2002-0407)
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:49:28.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020402 KPMG-2002006: Lotus Domino Physical Path Revealed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/265380"
},
{
"name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
},
{
"name": "4406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4406"
},
{
"name": "lotus-domino-reveal-information(8160)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8160.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020402 KPMG-2002006: Lotus Domino Physical Path Revealed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/265380"
},
{
"name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
},
{
"name": "4406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4406"
},
{
"name": "lotus-domino-reveal-information(8160)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8160.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020402 KPMG-2002006: Lotus Domino Physical Path Revealed",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/265380"
},
{
"name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
},
{
"name": "4406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4406"
},
{
"name": "lotus-domino-reveal-information(8160)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8160.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0407",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:49:28.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1046 (GCVE-0-2000-1046)
Vulnerability from cvelistv5
Published
2000-11-29 05:00
Modified
2024-08-08 05:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:36.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000911 Advisory Code: VIGILANTE-2000011 Lotus Domino ESMTP Service Buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0093.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) \"RCPT TO,\" (2) \"SAML FROM,\" or (3) \"SOML FROM\" commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-07-23T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000911 Advisory Code: VIGILANTE-2000011 Lotus Domino ESMTP Service Buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0093.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) \"RCPT TO,\" (2) \"SAML FROM,\" or (3) \"SOML FROM\" commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000911 Advisory Code: VIGILANTE-2000011 Lotus Domino ESMTP Service Buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0093.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1046",
"datePublished": "2000-11-29T05:00:00",
"dateReserved": "2000-11-29T00:00:00",
"dateUpdated": "2024-08-08T05:45:36.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2191 (GCVE-0-2002-2191)
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-09-16 19:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:51:17.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20021107 Lotus Domino HTTP Server security issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2"
},
{
"name": "6128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6128"
},
{
"name": "lotus-domino-version-disclosure(10557)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10557.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino 5.0.9a and earlier, even when configured with the \u0027DominoNoBanner=1\u0027 option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-16T21:17:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20021107 Lotus Domino HTTP Server security issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2"
},
{
"name": "6128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6128"
},
{
"name": "lotus-domino-version-disclosure(10557)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10557.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus Domino 5.0.9a and earlier, even when configured with the \u0027DominoNoBanner=1\u0027 option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021107 Lotus Domino HTTP Server security issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2"
},
{
"name": "6128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6128"
},
{
"name": "lotus-domino-version-disclosure(10557)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10557.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2191",
"datePublished": "2005-11-16T21:17:00Z",
"dateReserved": "2005-11-16T00:00:00Z",
"dateUpdated": "2024-09-16T19:36:48.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "80022584-A581-4DE2-9F2B-EC971F4D6DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "468D4453-9607-4A74-908F-E5980DB3BDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.9a:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A34DB2-C513-448B-8C45-CA52EC652DCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino 5.0.9a and earlier, even when configured with the \u0027DominoNoBanner=1\u0027 option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner."
}
],
"evaluatorSolution": "This issue is present on Lotus Domino Server with the \u0027DominoNoBanner\u0027 set to a value of \u00271\u0027.",
"id": "CVE-2002-2191",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.iss.net/security_center/static/10557.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/6128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.iss.net/security_center/static/10557.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/6128"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-09-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "80022584-A581-4DE2-9F2B-EC971F4D6DA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters."
}
],
"id": "CVE-2001-1018",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-09-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=100094373621813\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3350"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=100094373621813\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7180"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-08-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lotus:domino:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "640FCA2F-155E-4A05-9435-9E1446B65D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4A113B07-5CBE-4B28-9AE5-627FB3222640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55D71763-C009-4257-9899-51B8EAC3D096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB826C12-8B6E-4636-A6FC-90D47CCB706B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A190AC8-E0AC-4CCF-8E5B-62F97633173A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B990B6CA-8288-47E6-8D09-5F56FC844F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A9DC42-4A06-4FA0-9E4A-2ABC52D1D083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C9CC25-44BD-4000-A5BD-62B55E9855D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8C3E35-9D62-4E10-91AA-EFFC40A35918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B9F784ED-9EB5-4CBA-98BE-B6C78F5B66DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "80022584-A581-4DE2-9F2B-EC971F4D6DA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop."
}
],
"id": "CVE-2000-1203",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-08-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=vuln-dev\u0026m=95886062521327\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/209754"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3212"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/cgi-bin/archive.pl?id=1\u0026start=2002-01-21\u0026end=2002-01-27\u0026mid=209116\u0026threads=1"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=vuln-dev\u0026m=95886062521327\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/209754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/cgi-bin/archive.pl?id=1\u0026start=2002-01-21\u0026end=2002-01-27\u0026mid=209116\u0026threads=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7012"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lotus:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EC7B78-B8E5-4B9A-91E9-49B5E5FA55B1",
"versionEndIncluding": "5.0.9a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message."
}
],
"id": "CVE-2002-0407",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8160.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/265380"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8160.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/265380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4406"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lotus:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28EC7B78-B8E5-4B9A-91E9-49B5E5FA55B1",
"versionEndIncluding": "5.0.9a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message."
}
],
"id": "CVE-2002-0408",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101785616526383\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101785616526383\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4049"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-05-29 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lotus:domino:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECFA202A-6B78-4378-B9C2-B13EBC443A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB826C12-8B6E-4636-A6FC-90D47CCB706B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A190AC8-E0AC-4CCF-8E5B-62F97633173A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B990B6CA-8288-47E6-8D09-5F56FC844F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A9DC42-4A06-4FA0-9E4A-2ABC52D1D083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "748BF88E-D906-44D0-8B2C-7D734C76634E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C9CC25-44BD-4000-A5BD-62B55E9855D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8C3E35-9D62-4E10-91AA-EFFC40A35918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.6a:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF50283-F028-4FA7-95B6-829BF3BE32D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B9F784ED-9EB5-4CBA-98BE-B6C78F5B66DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCD6703-23A6-4BCC-BE57-C0D7FDB26E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "80022584-A581-4DE2-9F2B-EC971F4D6DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "468D4453-9607-4A74-908F-E5980DB3BDF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server\u0027s version name in the HTTP error message."
},
{
"lang": "es",
"value": "El servidor 5.0.8 de Lotus Domino con NoBanner habilitado permite que atacantes remotos (1) conozcan el path f\u00edsico del servidor por medio de una petici\u00f3n de un fichero no existente con una estensi\u00f3n .pl (Perl), lo cual hace que se muestre el path absoluto en el mensaje de error, o (2) hagan cualquier petici\u00f3n que cause el error 500 de HTTP, lo cual lleva a que aparezca el nombre de la versi\u00f3n del servidor en el mensaje de error HTTP."
}
],
"id": "CVE-2002-0245",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-05-29T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/manager.wss?rs=1\u0026rt=0\u0026org=sims\u0026doc=07B32060E4CC97E985256B64005AEB0F"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8160.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101310812804716\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/manager.wss?rs=1\u0026rt=0\u0026org=sims\u0026doc=07B32060E4CC97E985256B64005AEB0F"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8160.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4049"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-12-11 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2000-09/0093.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2000-09/0093.html | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "43FCF018-AE63-4D6B-B6D2-2DF6912E4D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9ADEA116-1DB1-4D19-B073-A36B63313BA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) \"RCPT TO,\" (2) \"SAML FROM,\" or (3) \"SOML FROM\" commands."
}
],
"id": "CVE-2000-1046",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-12-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0093.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0093.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-11-30 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lotus:domino:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECFA202A-6B78-4378-B9C2-B13EBC443A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB826C12-8B6E-4636-A6FC-90D47CCB706B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A190AC8-E0AC-4CCF-8E5B-62F97633173A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B990B6CA-8288-47E6-8D09-5F56FC844F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A9DC42-4A06-4FA0-9E4A-2ABC52D1D083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C9CC25-44BD-4000-A5BD-62B55E9855D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8C3E35-9D62-4E10-91AA-EFFC40A35918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B9F784ED-9EB5-4CBA-98BE-B6C78F5B66DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "80022584-A581-4DE2-9F2B-EC971F4D6DA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443."
}
],
"id": "CVE-2001-0939",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-11-30T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=100715316426817\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/manager.wss?rs=0\u0026rt=0\u0026org=sims\u0026doc=4C8E450DBF2E7F1885256B200079FA88"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/1998"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3607"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=100715316426817\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/manager.wss?rs=0\u0026rt=0\u0026org=sims\u0026doc=4C8E450DBF2E7F1885256B200079FA88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/1998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7631"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-21 10:55
Modified
2025-04-11 00:51
Severity ?
Summary
The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rim | blackberry_enterprise_server | 5.0.3 | |
| lotus | domino | * | |
| microsoft | exchange_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "11FF9320-7C94-4700-81A8-E7D7694EB97D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lotus:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1DDF69-2820-4ADA-BB83-1E9704AF3CC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "261FB692-DD0F-494F-A25A-AFCC00BE4585",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors."
},
{
"lang": "es",
"value": "BlackBerry Collaboration Service en Research In Motion (RIM) BlackBerry Enterprise Server (BES) v5.0.3 a trav\u00e9s de MR4 para Microsoft Exchange y Lotus Domino permite, a usuarios remotos autenticados, a acceder a cuentas de usuario de su elecci\u00f3n asociados con la misma organizaci\u00f3n, y enviar mensajes, leer los mensajes, leer las listas de contactos o causar una denegaci\u00f3n de servicio (indisponibilidad de inicio de sesi\u00f3n), a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-0290",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-21T10:55:03.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46370"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1026179"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.blackberry.com/btsc/KB28524"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/76286"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/50064"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1026179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.blackberry.com/btsc/KB28524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/76286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/50064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70519"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-15 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.7:*:solaris:*:*:*:*:*",
"matchCriteriaId": "5B272864-2871-4EED-9C8E-FEB726F222BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files."
},
{
"lang": "es",
"value": "bindsock en Lotus Domino 5.07 en Solaris permite a usuarios locales crear ficheros arbitrarios mediante un ataque de enlaces simb\u00f3licos (symlink attack) en ficheros temporales."
}
],
"id": "CVE-2002-0087",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21095671"
},
{
"source": "cve@mitre.org",
"url": "http://www.esecurityonline.com/advisories/eSO4125.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4318"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21095671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.esecurityonline.com/advisories/eSO4125.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8586"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-05-04 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/archive/1/13527 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/173 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/13527 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/173 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lotus:domino:4.6.1:*:as_400:*:*:*:*:*",
"matchCriteriaId": "DCEF37BA-4294-4F11-BCA9-CBA04370921A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string."
}
],
"id": "CVE-1999-1012",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-05-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/13527"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/13527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/173"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-06 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lotus:domino:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECFA202A-6B78-4378-B9C2-B13EBC443A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB826C12-8B6E-4636-A6FC-90D47CCB706B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A190AC8-E0AC-4CCF-8E5B-62F97633173A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "43FCF018-AE63-4D6B-B6D2-2DF6912E4D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "9ADEA116-1DB1-4D19-B073-A36B63313BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B990B6CA-8288-47E6-8D09-5F56FC844F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A9DC42-4A06-4FA0-9E4A-2ABC52D1D083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "748BF88E-D906-44D0-8B2C-7D734C76634E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C9CC25-44BD-4000-A5BD-62B55E9855D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8C3E35-9D62-4E10-91AA-EFFC40A35918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.6a:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF50283-F028-4FA7-95B6-829BF3BE32D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B9F784ED-9EB5-4CBA-98BE-B6C78F5B66DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCD6703-23A6-4BCC-BE57-C0D7FDB26E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "80022584-A581-4DE2-9F2B-EC971F4D6DA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf)."
}
],
"id": "CVE-2001-0846",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-06T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=100448721830960\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/7424.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/1979"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=100448721830960\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/7424.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/1979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7424"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-07 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C9CC25-44BD-4000-A5BD-62B55E9855D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lotus:domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "80022584-A581-4DE2-9F2B-EC971F4D6DA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory."
}
],
"id": "CVE-2001-0954",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-07T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=100780146532131\u0026w=2L:1"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/manager.wss?rs=1\u0026rt=0\u0026org=sims\u0026doc=255CC03D83CFF50C85256B1E005E349B"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/2000"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3656"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=100780146532131\u0026w=2L:1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/manager.wss?rs=1\u0026rt=0\u0026org=sims\u0026doc=255CC03D83CFF50C85256B1E005E349B"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/2000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7684"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}