Bugtraq mailing list archives

WORKAROUND: Lotus Domino 5.0.5 Web Server vulnerability

From: Leonardo Rodrigues <coelho () PERSOGO COM BR>
Date: Tue, 9 Jan 2001 10:56:47 -0300

        Well, as Lotus haven't released a fix for the *confirmed* bug, we
get a workaround. Adding the following line:

map */../* /something.nsf

        at httpd.conf, seems to handle the bug. You should notice that
EVERYTHING using ../ links will stop working too, including the bug !

        We tested this on NT4 sp6a and Domino 5.0.5, and we COULDN'T get
the bug working after those lines were added.

        As we couldn't reproduce the bug on Linux Domino servers, and
seems that nobody could, we don't think adding those lines on Linux
httpd.conf servers is necessary.

        Sincerily,
        Leonardo Rodrigues
        Solution Web ( http://www.solutionweb.com.br )

Current thread:

Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root Georgi Guninski (Jan 05)
- WORKAROUND: Lotus Domino 5.0.5 Web Server vulnerability Leonardo Rodrigues (Jan 09)
- <Possible follow-ups>
- Re: Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root Ben Greenbaum (Jan 08)
  - Re: Lotus Domino 5.0.5 Web Server vulnerability - reading filesoutside the web root Georgi Guninski (Jan 08)
  - Re: Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root Hendrik-Jan Verheij (Jan 09)
- Re: Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root Stephen Forinash (Jan 08)