CVE-2011-0920
published 2011-02-08CVE-2011-0920: The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass…
PriorityP262critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
10.08%
95.0th percentile
The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.
Affected
58 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
| ibm | domino | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2011-0920 affects the Java Console in IBM Domino; authentication bypass is possible when UNC share pathnames are used in an unsupported configuration — monitor for UNC path strings (\\server\share) in Domino Java Console traffic ↗
- →The IBM Lotus Domino Server Controller authentication bypass (related exploit) targets versions 8.5.3 and 8.5.2 FP3 on Windows platforms — flag unauthenticated connections to the Domino Server Controller service ↗
- ·The authentication bypass is only exploitable when a specific unsupported configuration involving UNC share pathnames is in use; standard configurations are not affected by this particular attack vector ↗
- ·CVE-2016-0304 exists because the original fix for CVE-2011-0920 was incomplete; patching to 8.5.3 FP6 IF13 or 9.0.1 FP6 is required to fully remediate ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hf78-8m34-fwxp: The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to byp
ghsa_unreviewed·2022-05-17
CVE-2011-0920 [HIGH] CWE-287 GHSA-hf78-8m34-fwxp: The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to byp
The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.
GHSA
GHSA-vgwj-fv3c-ww5m: The remote console in the Server Controller in IBM Lotus Domino 7
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2011-1519 [CRITICAL] CWE-287 GHSA-vgwj-fv3c-ww5m: The remote console in the Server Controller in IBM Lotus Domino 7
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.
GHSA
GHSA-3gxc-gprv-rpqq: The Java Console in IBM Domino 8
ghsa_unreviewed·2022-05-13·CVSS 9.3
CVE-2016-0304 [CRITICAL] CWE-284 GHSA-3gxc-gprv-rpqq: The Java Console in IBM Domino 8
The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920.
No detection rules found.
Exploit-DB
IBM Lotus Domino Server Controller - Authentication Bypass
exploitdb·2011-11-30·CVSS 10.0
CVE-2011-1519 [CRITICAL] IBM Lotus Domino Server Controller - Authentication Bypass
IBM Lotus Domino Server Controller - Authentication Bypass
---
# Exploit Title: IBM Lotus Domino Controller auth. bypass
# Date:30/11/2011
# Author: Alexey Sintsov
# Software Link: http://www.ibm.com/
# Version:8.5.3/8.5.2 FP3 (0day)
# Tested on: Windows 7 / Windows 2008
# CVE : CVE-2011-1519
Application: IBM Lotus Domino Controller
Versions Affected:
function onLoadConsole()
{
alert("Connected");
}
Exploit-DB
HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Cookie Handling Buffer Overflow (Metasploit)
exploitdb·2011-07-16
CVE-2009-0920 HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Cookie Handling Buffer Overflow (Metasploit)
HP OpenView Network Node Manager (OV NNM) - 'Toolbar.exe' CGI Cookie Handling Buffer Overflow (Metasploit)
---
##
# $Id: hp_nnm_toolbar_02.rb 13194 2011-07-16 05:21:20Z sinn3r $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.0
and 7.53. By sending a CGI request with a specially OvOSLocale cookie to Toolbar.exe, an
attacker may be able to execute arbitrary
2011-02-08
Published