Vulnerabilities > CVE-2002-0407 - Path Disclosure vulnerability in Lotus Domino MS-DOS Device
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |