Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Lotus Domino MS-DOS设备请求可导致路径泄露漏洞
Vulnerability Description
Lotus Domino服务器是一款基于WEB合作的应用程序架构,运行在Linux,Unix和Microsoft windows操作系统平台下。 Lotus Domino服务器在处理针对MS-DOS设备名的请求处理上存在问题,可导致路径泄露。 Lotus Domino使用QueryDosDevice函数检查是否引用的文件为DOS设备,然后处理判断是否文件存在或者是否使用access()函数进行访问。如果你把com5提交给access()函数,它会返回0,如果此设备不存在,函数就会返回-1。根据这个思想,通
CVSS Information
N/A
Vulnerability Type
N/A