Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Lotus Domino administration databases

Information

Severity

Severity

High

Family

Family

Web Servers

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Workaround

Created

Created

18 years ago

Modified

Modified

5 years ago

Summary

This script determines if some default databases can be read remotely. An anonymous user can retrieve information from this Lotus Domino server: users, databases, configuration of servers (including operating system and hard disk partitioning), logs of access to users (which could expose sensitive data if GET html forms are used). This issues are discussed in the references 'Lotus White Paper: A Guide to Developing Secure Domino Applications' (december 1999).

Solution

Solution

Verify all the ACLs for these databases and remove those not needed.

Common Vulnerabilities and Exposures (CVE)