Lotus Domino HTTP Vulnerability
CVE 2001-0009
Impact
A remote attacker could read arbitrary files outside the
web root directory or create a denial of service to the
web server.
Background
The Lotus Domino
family of servers includes a web server which implements
the
Hypertext Transfer Protocol (HTTP). The Lotus
Domino HTTP server, like most servers, keeps all of the files
which are allowed to be viewed by a web browser under a
directory referred to as the web root.
The Problems
.nsf Folder Traversal
CVE 2001-0009
It is possible to view files outside the web root directory
by submitting a request in which the path name begins with
"/.nsf/../". It is possible to view any file on
the server in this fasion, so long as the attacker knows
the full path name of the file, and the file resides on the
same disk partition as the web root.
Note that not all browsers accept path names of the form
described above. So if you try to exploit this vulnerability
using your web browser and it doesn't work, it does not
necessarily mean your server is not vulnerable -- it could
be the browser that prevented the attempt.
Multiple denial-of-service vulnerabilities
Multiple unrelated denial-of-service vulnerabilities in
the processing of HTTP requests could allow
a remote attacker to cause the web server to become
unresponsive or to cause the web server process to crash.
Resolution
Upgrade to Lotus Domino version 5.0.7
or higher.
Where can I read more about this?
The .nsf vulnerability was reported by
Windows IT Security.
The denial-of-service vulnerabilities were reported in
Defcom Labs Advisory
def-2001-20.