VULHUB ™

A vulnerability has been reported in Lotus Domino server, that could allow a malicious user to view the full path to the web root. Reportedly, if a user submits an HTTP request for a non existent .pl file, the server will return a 500 error page containing the full path of the file. In addition to disclosing path information, system information can be revealed. This was tested on Lotus Domino Server with NoBanner set to 1.

A vulnerability has been reported in Lotus Domino server, that could allow a malicious user to view the full path to the web root. Reportedly, if a user submits an HTTP request for a non existent .pl file, the server will return a 500 error page containing the full path of the file. In addition to disclosing path information, system information can be revealed. This was tested on Lotus Domino Server with NoBanner set to 1.