|
Lotus Notes Domino Webserver CGI Vulnerabilities
Three vulnerabilities have been discovered in the cgi handling done by Lotus Domino Server's Webserver component. 1: Path information can be obtained. By submitting a request for a non-existant cgi, an attacker can determine the filesystem structure of the server. Example: Requested URL: http: //victimhost/cgi-bin/asdf Response: Error 500 Bad script request -- no variation of 'c:/notes/data/domino/cgi-bin/asdf' is executable 2: Anonymous access can not be disabled. Even with anonymous access turned off on th eserver, it is still permitted for the cgi-bin directory. 3: Buffer overflow in cgi error handling An overly long URL in a GET request, rooted in the cgi-bin directory, will crash the server. Not all long strings seem to work, but one that was tested and found to work was: 'GET /cgi-bin/[800 ','][4000 'a'] HTTP/1.0' |
|
|
Privacy Statement |
