This attack could pose a moderate security threat. It does not require immediate action.
This signature detects an attempt to exploit a vulnerability in the Lotus Notes Domino server.
Lotus Domino Server is an application framework for web-based collaborative software. It runs on multiple platforms, including Windows and Unix.
A vulnerability exists in some versions of Domino. Notes database files may be protected such that a password is required in order to access them. However, a maliciously constructed URL of a specific length bypasses this protection, allowing any remote user to view the sensitive file.
It has been reported that a constructed filename of the form file.ntf+++nsf, with a total length of between 219 and 257 characters, will exploit this vulnerability. A remote user requesting this file will be given file.nsf without the need to authenticate.
There have been multiple reports that this is a known issue and that it only allows the remote user to access template (.ntf) files. There have been reports that this issue is fixed in Domino 5.0.9.
- Lotus Domino 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.7 a, 5.0.8, 5.0.9, 5.0.9 a
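
A log check for the request shape described above, as an added example that is not part of the original advisory or the vendor's signature: it flags requested filenames ending in .ntf, a run of "+" characters, then nsf, and separates those inside the reported 219 to 257 character window from other matches. The access-log format, the sample lines, and measuring the length on the decoded last path segment are assumptions.

```python
import re
from urllib.parse import unquote

# Filename shape and length window taken from the advisory text above.
SUSPECT = re.compile(r"\.ntf\++nsf$", re.IGNORECASE)
MIN_LEN, MAX_LEN = 219, 257
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')


def classify(target):
    """Return (verdict, filename_length) for a request target, or None."""
    path = unquote(target.split("?", 1)[0])  # decodes %2B, keeps literal '+'
    name = path.rsplit("/", 1)[-1]  # assumption: length is measured on the filename
    if not SUSPECT.search(name):
        return None
    in_window = MIN_LEN <= len(name) <= MAX_LEN
    return ("in-range" if in_window else "pattern-only", len(name))


def scan(lines):
    """Return (client, verdict, filename_length, status) per suspect request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed log format
        client, target, status = m.groups()
        result = classify(target)
        if result:
            hits.append((client, *result, int(status)))
    return hits


def padded_name(total, plus="+"):
    """Constructed sample name: file.ntf, '+' padding, nsf; `total` chars decoded."""
    return "file.ntf" + plus * (total - 11) + "nsf"


# Constructed log lines (documentation addresses, made-up timestamps and sizes).
TS = "[01/Jan/2002:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /{padded_name(230)} HTTP/1.0" 200 5120',
    f'192.0.2.10 - - {TS} "GET /file.ntf+++nsf HTTP/1.0" 404 210',
    f'192.0.2.11 - - {TS} "GET /help/readme.nsf?OpenDatabase HTTP/1.0" 200 900',
    f'192.0.2.12 - - {TS} "GET /db/{padded_name(219, "%2B")} HTTP/1.0" 401 0',
    f'192.0.2.13 - - {TS} "GET /{padded_name(258)} HTTP/1.0" 404 210',
]
if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

An in-range hit logged with status 200 is the one to triage first, since the server returned content for that request.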