CVE-2002-0407
Last modified
CVE-2002-0407 is a vulnerability of currently unknown severity. htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.. EPSS estimates a 2.78% chance of exploitation in the next 30 days.
Description
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lotus | Domino | <= 5.0.9a |
References
- http://www.iss.net/security_center/static/8160.phpPatch, Vendor Advisory
- http://www.securityfocus.com/bid/4406Exploit, Patch, Vendor Advisory
- http://www.iss.net/security_center/static/8160.phpPatch, Vendor Advisory
- http://www.securityfocus.com/bid/4406Exploit, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2002-0407?
How severe is CVE-2002-0407?
How do I fix CVE-2002-0407?
Are you affected by CVE-2002-0407?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST