Nessus Plugin #10795
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
Lotus Notes ?OpenServer Information Disclosure
- Family:
- CGI abuses
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2001 SecuriTeam
- Summary:
- Lotus Notes ?OpenServer Information Disclosure
- Version:
- $Revision: 1.9 $
- Cve_id:
- -
- Bugtraq_id:
- -
- Xrefs:
- -
- Description:
A default behavior of Lotus Notes allows remote users to enumerate existing databases on a remote Domino (Lotus Notes) server. This information is considered sensitive, since it might reveal versions, logs, statistics, etc.
Solution: To disable this behavior open names.nsf and edit the Servers document in the Server view. From the Internet Protocols tab set 'Allow HTTP Clients to browse databases' to No.
This command doesn't affect a single database - it is a server-wide issue.
Risk factor : Medium
Additional information:
http://www.securiteam.com/securitynews/6W0030U35W.html
http://online.securityfocus.com/archive/1/223810
Generiert am 27.04.2005 um 18:49:54 Uhr.