Lotus Domino HTTP Server security issue

From: Frank Perreault (frankat_private)
Date: Thu Nov 07 2002 - 12:39:20 PST

Next message: Martin Schulze: "[SECURITY] [DSA 191-1] New squirrelmail packages fix cross site scripting bugs"

Previous message: Vincent Danen: "[Full-Disclosure] Re: MDKSA-2002:076 - perl-MailTools update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Lotus Domino http (version) banner will appear despite notes.ini 'DominoNoBanner=1' setting. To recreate: formulate a URL requesting a non-existing nsf database. Example: 'http://serverAddress/nosuchdb.nsf' Has been verified on Lotus Domino 5.0.8, 5.0.9 and 5.0.9a. IBM Support is documenting and assigning a SPR number. (Taken <a href="http://hs.servehttp.com:9080/archives/00000042.html">here</a>.)

Next message: Martin Schulze: "[SECURITY] [DSA 191-1] New squirrelmail packages fix cross site scripting bugs"
Previous message: Vincent Danen: "[Full-Disclosure] Re: MDKSA-2002:076 - perl-MailTools update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Nov 07 2002 - 20:33:32 PST