CVE-2002-0407

Опубликовано: 26 июл. 2002

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.

Ссылки

http://marc.info/?l=bugtraq&m=101310812804716&w=2
http://www.iss.net/security_center/static/8160.php
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/265380
http://www.securityfocus.com/bid/4406
Exploit
Patch
Vendor Advisory
http://marc.info/?l=bugtraq&m=101310812804716&w=2
http://www.iss.net/security_center/static/8160.php
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/265380
http://www.securityfocus.com/bid/4406
Exploit
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lotus:domino:*:*:*:*:*:*:*:*

Версия до 5.0.9a (включая)

EPSS

Процентиль: 79%

0.01303

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-w4ww-gfvw-wghf

github

почти 4 года назад