Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of + characters before the .nsf file extension, which are converted to spaces by Domino.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Lotus_domino | Ibm | 5.0.2 | 5.0.2 |
Lotus_domino | Ibm | 5.0.1 | 5.0.1 |
Lotus_domino | Ibm | 5.0.3 | 5.0.3 |
Lotus_domino | Ibm | 5.0.9 | 5.0.9 |
Lotus_domino | Ibm | 5.0.4 | 5.0.4 |
Lotus_domino | Ibm | 5.0.6 | 5.0.6 |
Lotus_domino | Ibm | 5.0 | 5.0 |
Lotus_domino | Ibm | 5.0.7 | 5.0.7 |
Lotus_domino | Ibm | 5.0.5 | 5.0.5 |
Lotus_domino | Ibm | 5.0.8 | 5.0.8 |
Lotus_domino | Ibm | 5.0.7a | 5.0.7a |
Lotus_domino_server | Ibm | * | 5.0.9a |