The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Lotus_domino | Ibm | 5.0.8 (including) | 5.0.8 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=100094373621813\u0026w=2
- http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/5552251934afaa9585256c0000737a7f?OpenDocument\u0026Highlight=0%2CAWHN4A8QWM
- http://www.kb.cert.org/vuls/id/984555
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10685
- http://marc.info/?l=bugtraq\u0026m=100094373621813\u0026w=2
- http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/5552251934afaa9585256c0000737a7f?OpenDocument\u0026Highlight=0%2CAWHN4A8QWM
- http://www.kb.cert.org/vuls/id/984555
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10685