Lotus Domino 5.0.8-9 - Non-Existent NSF Database Banner Information Disclosure

Author: Frank Perreault
type: remote
platform: multiple
port: 
date_added: 2002-11-07  
date_updated: 2012-10-15  
verified: 1  
codes: CVE-2002-2191;OSVDB-60115  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21996.txt  

source: https://www.securityfocus.com/bid/6128/info


Lotus Domino reportedly discloses sensitive banner information when a non-existent NSF database is requested. This may allow a remote attacker to discover information about the layout of the filesystem.

This issue is present on Lotus Domino Server with the 'DominoNoBanner' set to a value of '1'.

http://www.example.com/nosuchdb.nsf