• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Lotus Domino Banner Information Disclosure Vulnerability

A vulnerability has been reported in Lotus Domino server, that could allow a malicious user to view the full path to the web root.

Reportedly, if a user submits an HTTP request for a non existent .pl file, the server will return a 500 error page containing the full path of the file. In addition to disclosing path information, system information can be revealed. This was tested on Lotus Domino Server with NoBanner set to 1.