Bugtraq mailing list archives
WORKAROUND: Lotus Domino 5.0.5 Web Server vulnerability
From: Leonardo Rodrigues <coelho () PERSOGO COM BR>
Date: Tue, 9 Jan 2001 10:56:47 -0300
Well, as Lotus haven't released a fix for the *confirmed* bug, we get a workaround. Adding the following line: map */../* /something.nsf at httpd.conf, seems to handle the bug. You should notice that EVERYTHING using ../ links will stop working too, including the bug ! We tested this on NT4 sp6a and Domino 5.0.5, and we COULDN'T get the bug working after those lines were added. As we couldn't reproduce the bug on Linux Domino servers, and seems that nobody could, we don't think adding those lines on Linux httpd.conf servers is necessary. Sincerily, Leonardo Rodrigues Solution Web ( http://www.solutionweb.com.br )
Current thread:
- Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root Georgi Guninski (Jan 05)
- WORKAROUND: Lotus Domino 5.0.5 Web Server vulnerability Leonardo Rodrigues (Jan 09)
- <Possible follow-ups>
- Re: Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root Ben Greenbaum (Jan 08)
- Re: Lotus Domino 5.0.5 Web Server vulnerability - reading filesoutside the web root Georgi Guninski (Jan 08)
- Re: Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root Hendrik-Jan Verheij (Jan 09)
- Re: Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root Stephen Forinash (Jan 08)