Lotus Domino Bad ACLs
---------------------

CVE Number: 
None

Details:
One or more of the following files was accessible via the web on the Lotus
Domino web server

  domcfg.nsf
  names.nsf
  log.nsf

The domcfg.nsf file contains Domino configuration information and settings.
The names.nsf file is the Domino Name and Address Book, and contains not only
information and system configuration settings, but user profile information.
The log.nsf file contains logging information. All of this information would
be beneficial to an attacker planning an attack.

Fix:
It is recommended that the ACLs be adjusted to disallow anonymous web access
to these files.

Related URLs:
http://www.l0pht.com/advisories/domino2.txt
http://www.lotus.com/news/topstories.nsf/a1d792857da52f638525630f004e7ab8/2e80b082b02612f085256593005e0f93?OpenDocument

$Id: lotus-domino-webserver,v 1.1 2000/11/21 19:01:49 loveless Exp $
