CERT/CC Vulnerability Note VU#133771

Overview

Lotus Domino Web server discloses its IP address to some HTTP requests.

Description

Lotus Domino can be coerced to reveal its IP address by sending it a crafted HTTP request.

Impact

Attackers can discover limited information about the numbering of the Domino server's network.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Vendor Information

133771

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Lotus Unknown

Updated: October 19, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

http://www.securityfocus.com/bid/3350

Acknowledgements

Thanks to Frank Boldewin for discovering this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs:	CVE-2001-1018
Severity Metric:	3.75
Date Public:	2001-09-20
Date First Published:	2002-06-13
Date Last Updated:	2002-06-13 00:40 UTC
Document Revision:	13

Software Engineering Institute

CERT Coordination Center

Lotus Domino Web Server discloses IP address

Vulnerability Note VU#133771

Overview

Description

Impact

Solution

Vendor Information

Lotus Unknown

Status

Vendor Statement

Vendor Information

Addendum

CVSS Metrics

References

Acknowledgements

Other Information

Contact CERT/CC