From: Nicolas Gregoire (ngregoireexaprobe.com)
Date: Sun Mar 03 2002 - 06:01:01 CST

    02/04/2002 16:18:06, Peter Gründl <pgrundlkpmg.dk> wrote :

    >Problem:
    >========
    >Due to problems handling Windows DOS devices, the Domino Server
    >can be brought to show the physical location of the web root.

    >Corrective action:
    >==================
    >Upgrade to Lotus Domino V5.0.10, which can be downloaded here:
    >http://www.notes.net/qmrdown.nsf

    This upgrade solves the "banner disclosure" issue too, which was
    presented to Bugtraq readers in my post regarding "physical path
    disclosure" [1].

    Apparently, the banner string was hard-coded in the "htcgibin.exe"
    module ...

    Thanks to Peter Gründl <pgrundlkpmg.dk> for testing the latest
    Domino release for this bug.

    [1] : http://online.securityfocus.com/archive/1/254768

    Nicolas Gregoire
    Exaprobe