CVE-2001-1567

Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.

Published: Dec 31, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-1567
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ibm / lotus_domino	5.0.2	5.0.2.x
ibm / lotus_domino	5.0.1	5.0.1.x
ibm / lotus_domino	5.0.3	5.0.3.x
ibm / lotus_domino	5.0.9	5.0.9.x
ibm / lotus_domino	5.0.4	5.0.4.x
ibm / lotus_domino	5.0.6	5.0.6.x
ibm / lotus_domino	5.0	5.0.x
ibm / lotus_domino	5.0.7	5.0.7.x
ibm / lotus_domino	5.0.5	5.0.5.x
ibm / lotus_domino	5.0.8	5.0.8.x
ibm / lotus_domino	5.0.7a	5.0.7a.x
ibm / lotus_domino_server	-	5.0.9a.x

http://marc.info/?l=bugtraq&m=101284222932568&w=2
http://marc.info/?l=bugtraq&m=101285903120879&w=2
http://marc.info/?l=bugtraq&m=101286525008089&w=2
http://www.iss.net/security_center/static/8072.php
http://www.nextgenss.com/papers/hpldws.pdf
http://www.securityfocus.com/bid/4022

Vulnerability Database

289,697

CVE-2001-1567