CVE-2002-0245

Name of the Vulnerable Software and Affected Versions Lotus Domino server version 5.0.8

Description The issue allows remote attackers to determine the physical path of the server or make any request that causes an HTTP 500 error, leaking sensitive information. Specifically, requesting a nonexistent file with a .pl (Perl) extension can leak the pathname in the error message. Additionally, any request that causes an HTTP 500 error can leak the server's version name in the HTTP error message.

Recommendations For Lotus Domino server version 5.0.8, consider disabling the NoBanner feature to prevent information leakage. As a temporary workaround, restrict access to the server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.