certfr_avis - CERTA-2002-AVI-084

CERTA-2002-AVI-084

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités ont été découvertes dans Lotus Domino.

Description

Un utilisateur mal intentionné peut réaliser un déni de service lors de l'authentification sur le serveur Domino Web Server.
Un utilisateur mal intentionné peut avoir accès à des documents attachés dans Lotus Notes malgré des droits de restriction en lecture.

Solution

Appliquer le correctif fourni par l'éditeur :

http://www.notes.net

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Domino Web Server ;
	Lotus	N/A	Lotus Notes versions 5.0.9 et antérieures.

References

Title

Publication Time

Tags

Bulletins de sécurité #191876 et #188900 de Lotus Domino	None	vendor-advisory
Avis de sécurité #188900 et #191876 de Lotus Domino :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Domino Web Server ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Lotus Notes versions 5.0.9 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Lotus",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\n-   Un utilisateur mal intentionn\u00e9 peut r\u00e9aliser un d\u00e9ni de service lors\n    de l\u0027authentification sur le serveur Domino Web Server.\n-   Un utilisateur mal intentionn\u00e9 peut avoir acc\u00e8s \u00e0 des documents\n    attach\u00e9s dans Lotus Notes malgr\u00e9 des droits de restriction en\n    lecture.\n\n## Solution\n\nAppliquer le correctif fourni par l\u0027\u00e9diteur :\n\n    http://www.notes.net\n",
  "cves": [],
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 #188900 et #191876 de Lotus Domino :",
      "url": "http://www.lotus.com/home.nsf/welcome/securityzone"
    }
  ],
  "reference": "CERTA-2002-AVI-084",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-04-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Acc\u00e8s non autoris\u00e9"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Lotus Domino.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Lotus Domino",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 #191876 et #188900 de Lotus Domino",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted