[22687] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

lotus domino server 5.08 is very gabby

daemon@ATHENA.MIT.EDU (Frank.Boldewin@gmx.de)
Wed Sep 19 20:24:20 2001

Date: Wed, 19 Sep 2001 08:47:40 +0200 (MEST)
From: Frank.Boldewin@gmx.de
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Message-ID: <10717.1000882060@www1.gmx.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

maybe this is nothing new, but when i looked at some
html raw headers after i surfed to a lotus domino 5.08 webserver,
he tells me the following information :

Lotus-Domino (Release 5.0.8 - June 18, 2001 on AIX)

and further a request like this :

GET //////////// HTTP/1.0

gives me the internal ip-address, if the firewall or the router does NAT :

HREF="http://10.65.59.30/

So now, is it possible to suppress these informations ?
What i'm searching for, is a switch like ServerTokens on
Apache Servers in the httpd.conf

As there is no source for this server available, the only idea i have,
is to patch the binary.

Every other good idea is welcome.

cheers

Frank
 

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[22687] in bugtraq

lotus domino server 5.08 is very gabby

daemon@ATHENA.MIT.EDU (Frank.Boldewin@gmx.de)Wed Sep 19 20:24:20 2001

daemon@ATHENA.MIT.EDU (Frank.Boldewin@gmx.de)
Wed Sep 19 20:24:20 2001