Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the servers version name in the HTTP error message.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Domino | Lotus | 5.0 (including) | 5.0 (including) |
| Domino | Lotus | 5.0.1 (including) | 5.0.1 (including) |
| Domino | Lotus | 5.0.2 (including) | 5.0.2 (including) |
| Domino | Lotus | 5.0.3 (including) | 5.0.3 (including) |
| Domino | Lotus | 5.0.4 (including) | 5.0.4 (including) |
| Domino | Lotus | 5.0.4a (including) | 5.0.4a (including) |
| Domino | Lotus | 5.0.5 (including) | 5.0.5 (including) |
| Domino | Lotus | 5.0.6 (including) | 5.0.6 (including) |
| Domino | Lotus | 5.0.6a (including) | 5.0.6a (including) |
| Domino | Lotus | 5.0.7 (including) | 5.0.7 (including) |
| Domino | Lotus | 5.0.7a (including) | 5.0.7a (including) |
| Domino | Lotus | 5.0.8 (including) | 5.0.8 (including) |
| Domino | Lotus | 5.0.9 (including) | 5.0.9 (including) |