Lotus Domino 5.0.8-9 - Non-Existent NSF Database Banner Information Disclosure

Author: Frank Perreault
type: remote
platform: multiple
port: nan
date_added: 2002-11-07 
date_updated: 2012-10-15 
verified: 1 
codes: CVE-2002-2191;OSVDB-60115 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/6128/info


Lotus Domino reportedly discloses sensitive banner information when a non-existent NSF database is requested. This may allow a remote attacker to discover information about the layout of the filesystem.

This issue is present on Lotus Domino Server with the 'DominoNoBanner' set to a value of '1'.

http://www.example.com/nosuchdb.nsf