Software Engineering Institute

CERT Coordination Center

Lotus Domino Web Server discloses IP address

Vulnerability Note VU#133771

Original Release Date: 2002-06-13 | Last Revised: 2002-06-13

Overview

Lotus Domino Web server discloses its IP address to some HTTP requests.

Description

Lotus Domino can be coerced to reveal its IP address by sending it a crafted HTTP request.

Impact

Attackers can discover limited information about the numbering of the Domino server's network.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Vendor Information

133771

Filter by status:

Filter by content: Additional information available

Sort by:

Lotus Unknown

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

http://www.securityfocus.com/bid/3350

Acknowledgements

Thanks to Frank Boldewin for discovering this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs:	CVE-2001-1018
Severity Metric:	3.75
Date Public:	2001-09-20
Date First Published:	2002-06-13
Date Last Updated:	2002-06-13 00:40 UTC
Document Revision:	13

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis

Carnegie Mellon University
Software Engineering Institute
4500 Fifth Avenue
Pittsburgh, PA 15213-2612
412-268-5800

Office Locations | Additional Sites Directory | Legal | Privacy Notice | CMU Ethics Hotline | www.sei.cmu.edu

©2022 Carnegie Mellon University

Contact SEI

Contact CERT/CC

412-268-5800
cert@cert.org