Re: Using Domino5.0.7 webadmin.ntf to read files

From: Richard (rvg@nltr.ca)
Date: Fri May 17 2002 - 16:54:35 EDT

• Next message: Alfred Huger: "List Closure till Friday"
• Previous message: Max: "Re: Config cisco switches against arpspoofing"
• Maybe in reply to: Ilici Ramirez: "Using Domino5.0.7 webadmin.ntf to read files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> Supposing that 852566C90012664F is the ReplicaID of
> webadmin.ntf,by using :
> http://x.x.x.x:80/852566C90012664F/DBList?ReadForm
> you can list databases on the server.
>

This bug was fixed in 5.0.8. It can be avoided in two simple ways: (a)
upgrade (b) follow best practices and don't put templates on the server and
if you choose to ignore this advice at least set your ACLs accordingly.

Try a simple search to learn all you want.

http://www.google.ca/search?q=webadmin.ntf

The vendor response is here:

http://www-1.ibm.com/support/manager.wss?rs=463&rt=0&org=sims&doc=0B0C94EBE9
401D7B85256B5A006DECFC

richard

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Alfred Huger: "List Closure till Friday"
• Previous message: Max: "Re: Config cisco switches against arpspoofing"
• Maybe in reply to: Ilici Ramirez: "Using Domino5.0.7 webadmin.ntf to read files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:21 EDT