Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Lotus Domino 5.0.5 Web Server vulnerability WORK AROUNDS
From: Georgi Guninski <guninski () GUNINSKI COM>
Date: Wed, 10 Jan 2001 10:29:34 +0200

"Dyson, Thom" wrote:

These came to me from the Notes Admin List.

-------Solution 1---------
I don't the original author of this fix, so I can't give proper credit.

Add a File Protection Document in your PAB/DD:

Path:     /.box/../

Access Control:     -Default- - No Access

Repeat this for .ns4 and .nsf (.ns3 and .ntf are not affected).

Once you do this, do "tell http restart" or bounce your server.


This workaround does not always work.
Try
---------------------------------------
http://TARGETDOMINO/.nsf/AAA/../../FILE
---------------------------------------

Georgi Guninski


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]