CVE-2001-1567

CWE-48 | 4 documents | 4 sources
Severity: 5.0 MEDIUM
EPSS: 0.4% (top 39.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 31 | Latest update Apr 30

Description

Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

NVD | ibm/lotus_domino | 11 versions

🔴 Vulnerability Details (2)

GHSA | GHSA-mhwm-cccf-g93v: Lotus Domino server 5 | 2022-04-30
CVEList | CVE-2001-1567: Lotus Domino server 5 | 2005-07-14

📐 Framework References (1)

CWE | Path Equivalence: 'file name' (Internal Whitespace)