PT-2007-2412 · Ibm · Ibm Lotus Domino

Marco Ivaldi

Published

2007-02-16

Updated

2017-10-11

CVE-2007-0977

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: IBM Lotus Domino versions R5 and R6

Description: The issue affects IBM Lotus Domino R5 and R6 WebMail when "Generate HTML for all fields" is enabled. It stores HTTPPassword hashes from names.nsf in a manner that allows access through Readviewentries and OpenDocument requests to the defaultview view.

Recommendations: For IBM Lotus Domino versions R5 and R6, consider disabling the "Generate HTML for all fields" option as a temporary workaround to minimize the risk of exploitation. Restrict access to the names.nsf file and defaultview view to prevent unauthorized access to HTTPPassword hashes.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0977

Affected Products

Ibm Lotus Domino

PT-2007-2412 · Ibm · Ibm Lotus Domino

CVE-2007-0977

Related Identifiers

Affected Products

References · 5