Vulnerabilities > CVE-2002-0245 - Unspecified vulnerability in Lotus Domino

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
lotus
nessus

Summary

Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.

Nessus

NASL familyWeb Servers
NASL idLOTUS_PATH_DISCLOSURE.NASL
descriptionThe remote web server appears to be a version of Lotus Domino that allows an attacker to determine the physical path to the web root by requesting a non-existent
last seen2020-06-01
modified2020-06-02
plugin id11009
published2002-06-08
reporterThis script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11009
titleIBM Lotus Domino Banner Nonexistent .pl File Request Path Disclosure
code
#
# (C) Tenable Network Security, Inc.
#

# based on php3_path_disclosure by Matt Moore
#
# References
# From: "Peter_Grundl" <[email protected]>
# To: "bugtraq" <[email protected]>
# Subject: KPMG-2002006: Lotus Domino Physical Path Revealed
# Date: Tue, 2 Apr 2002 16:18:06 +0200
#

include("compat.inc");

if (description)
{
 script_id(11009);
 script_version("1.33");
 script_cvs_date("Date: 2018/11/15 20:50:25");

 script_cve_id("CVE-2002-0245", "CVE-2002-0408");
 script_bugtraq_id(4049);

 script_name(english:"IBM Lotus Domino Banner Nonexistent .pl File Request Path Disclosure");
 script_summary(english:"Tests for Lotus Physical Path Disclosure Vulnerability");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by an information disclosure
vulnerability.");
 script_set_attribute(attribute:"description", value:
"The remote web server appears to be a version of Lotus Domino that
allows an attacker to determine the physical path to the web root by
requesting a non-existent '.pl' file.");
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2002/Feb/103");
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2002/Apr/14");
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2002/Apr/41");
 script_set_attribute(attribute:"solution", value:"Upgrade to Domino 5.0.10 or later.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2002/02/07");
 script_set_attribute(attribute:"plugin_publication_date", value:"2002/06/08");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe",value:"cpe:/a:lotus:domino");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.");

 script_family(english:"Web Servers");

 script_dependencie("iis_detailed_error.nasl", "404_path_disclosure.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

# Actual check starts here...

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);
if (get_kb_item("www/"+port+"/iis_detailed_errors"))  exit(0, "The web server listening on port "+port+" appears to be an instance of IIS that returns detailed error messages.");
if (get_kb_item("www/"+port+"/generic_path_disclosure"))  exit(0, "The web server listening on port "+port+" is known to be affected by a generic path disclosure vulnerability.");

url = "/cgi-bin/com5.pl";

res = test_generic_path_disclosure(item: url, 
                                   method: "GET", 
                                   port: port, 
                                   path_type: "windows",
                                   filename: "com5.pl", 
                                   exit_on_fail: TRUE);
 
if (!res) exit(0, "The web server listening on port "+port+" is not affected.");