CVE-2000-1117 β€” Observable Discrepancy in IBM Lotus Notes

CWE-203 β€” Observable Discrepancy5 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
1.3%
top 20.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Lotus Notes
Timeline
PublishedJan 9
Latest updateApr 30

Description

The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

β–ΆNVDibm/lotus_notesr5

πŸ”΄Vulnerability Details

2
GHSA
GHSA-xh44-f8rg-h6h3: The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine th↗2022-04-30
β–Ά
CVEList
CVE-2000-1117: The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine th↗2000-12-19
β–Ά

πŸ’₯Exploits & PoCs

2
Exploit-DB
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth↗2019-07-10
β–Ά
Exploit-DB
FrontPage 97/98 - Server Image Mapper Buffer Overflow↗2000-04-19
β–Ά
CVE-2000-1117 β€” Observable Discrepancy in IBM | cvebase