[18499] in bugtraq


WORKAROUND: Lotus Domino 5.0.5 Web Server vulnerability

daemon@ATHENA.MIT.EDU (Leonardo Rodrigues)
Tue Jan 9 14:54:12 2001

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id:  <5.0.2.1.2.20010109105141.00a6b9b0@pop.persogo.com.br>
Date:         Tue, 9 Jan 2001 10:56:47 -0300
Reply-To: Leonardo Rodrigues <coelho@PERSOGO.COM.BR>
From: Leonardo Rodrigues <coelho@PERSOGO.COM.BR>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <3A55CFA1.8A44B873@guninski.com>

         Well, as Lotus haven't released a fix for the *confirmed* bug, we
get a workaround. Adding the following line:

map */../* /something.nsf

         to httpd.conf seems to handle the bug. You should notice that
EVERYTHING using ../ links will stop working too, including the bug!

         We tested this on NT4 sp6a and Domino 5.0.5, and we COULDN'T get
the bug working after those lines were added.

         As we couldn't reproduce the bug on Linux Domino servers, and
it seems that nobody could, we don't think adding those lines on Linux
httpd.conf servers is necessary.

         Sincerely,
         Leonardo Rodrigues
         Solution Web ( http://www.solutionweb.com.br )
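
Added example, not part of the original post: because the workaround also stops every legitimate ../ link from working, this sketch checks that the map line is active in an httpd.conf and lists which URLs already seen in an access log match the `*/../*` pattern. The function names, the Common Log Format input, the case-insensitive directive match and the sample data are assumptions; it compares the logged URL string only and does not model how the server itself matches the pattern.

```python
import fnmatch
import re
from collections import Counter

# URL pattern taken from the workaround line in the message above.
WORKAROUND_PATTERN = "*/../*"

# Assumption: Common Log Format, request quoted as "METHOD URL PROTOCOL".
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+)')

def has_workaround(conf_text):
    """Return True if an uncommented 'map */../* <target>' line is present."""
    for line in conf_text.splitlines():
        fields = line.split()
        # Assumption: the directive name is matched case-insensitively.
        if (len(fields) >= 3 and fields[0].lower() == "map"
                and fields[1] == WORKAROUND_PATTERN):
            return True
    return False

def urls_hit_by_rule(log_text):
    """Count requested URLs that match the workaround's map pattern."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and fnmatch.fnmatchcase(m.group(1), WORKAROUND_PATTERN):
            hits[m.group(1)] += 1
    return dict(hits)

# Constructed sample data (not from a real server).
SAMPLE_CONF = """\
# workaround from the Bugtraq post
map */../* /something.nsf
"""
SAMPLE_LOG = """\
192.0.2.10 - - [09/Jan/2001:10:01:02 -0300] "GET /home.nsf HTTP/1.0" 200 5120
192.0.2.11 - - [09/Jan/2001:10:01:07 -0300] "GET /site/img/../css/main.css HTTP/1.0" 200 880
192.0.2.11 - - [09/Jan/2001:10:02:15 -0300] "GET /site/img/../css/main.css HTTP/1.0" 200 880
192.0.2.12 - - [09/Jan/2001:10:03:40 -0300] "GET /site/docs/..notes.txt HTTP/1.0" 404 0
"""

if __name__ == "__main__":
    print("workaround present:", has_workaround(SAMPLE_CONF))
    for url, count in urls_hit_by_rule(SAMPLE_LOG).items():
        print(count, url)
```

URLs reported by `urls_hit_by_rule` are the links that need rewriting before the map line is deployed.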
