Bugtraq mailing list archives
Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service
From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: Thu, 07 Feb 2002 18:32:15 +0100
04/02/2002 14:58:55, Peter Gründl <pgrundl () kpmg dk> wrote :
A request for a DOS-device from CGI-BIN with any given extension is accepted by the server as a valid request and is passed on the to cgihandler (nhttpcgi.exe).
I've played a little bit with a Lotus Domino server (version 5.0.8) on Windows 2000 and with NoBanner set to 1. I've found two strange behaviours : 1°) When the requested script has a ".pl" extension, the physical path of the file is revealed. This allow us to identify (in this case) a Windows version. Quick cut-and-paste of the result page : ======8<========================================================== Error 500 Execution of Perl script e:\notes\data\domino\cgi-bin\NUL.pl failed. Error = 2 -------------------------------------------------------------------------------- Lotus-Domino/5.0.8 Content-type: text/html Error 500 Unable to run CGI program. No such file or directory -------------------------------------------------------------------------------- Lotus-Domino/5.0.8 ======8<========================================================== I've not investigated why there are two "Error 500 " in this page .... 2°) Any 500 error code is sent with the banner (here "Lotus-Domino/5.0.8") despite the NoBanner setting Nicolas Gregoire Exaprobe
Current thread:
- KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service Peter Gründl (Feb 04)
- Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service Nicolas Gregoire (Feb 07)
- Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service Chad Loder (Feb 07)
- Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service Nicolas Gregoire (Feb 07)