Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   IBM iNotes and Domino Vendors:   IBM
Lotus Domino Web Server Lets Remote Users Cause Arbitrary Javascript to be Executed by Another User's Browser
SecurityTracker Alert ID:  1001911
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 2 2001
Impact:   Execution of arbitrary code via network
Exploit Included:  Yes  
Version(s): 5.0.6
Description:   A cross-site scripting vulnerability has been reported in the Lotus Domino web server that allows remote users create specially crafted URLs that will cause Javascript to be executed by other users.

Domino is vulnerable to a URL cross-site scripting attack.

The following requests for non-existent files will cause the server to return the specified JavaScript code in the 'File Not Found' reply sent back to the requesting user.


The Javascript code will then be executed by the requesting user within the server's domain.

Impact:   A remote user can create a web page or send an HTML-based e-mail message containing a specific URL that, when clicked on by the target user or when automatically fetched via Javascript code, will cause code in the URL to be executed by the target user's browser. The code will appear to the browser to be code from the server.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Caldera/SCO), Linux (Red Hat Linux), Linux (SuSE), Linux (Turbo Linux), UNIX (Any), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Vendor Confirms) Re: Lotus Domino Web Server Lets Remote Users Cause Arbitrary Javascript to be Executed by Another User's Browser
The vendor has confirmed the vulnerability and is currently working on a fix for v5.0.9.

 Source Message Contents

Subject:  Lotus Domino Server Cross-Site Scripting Vulnerability

Lotus Domino Server Cross-Site Scripting Vulnerability

Affected products:
  Lotus Domino Server 5.0.6

Vendor status:
    18 Mar 2001 09:59:51 +0900 (105 days before),
    20 Mar 2001 13:36:29 -0500
    > Dear Hiromitsu Tagaki,
    > I would like to thank you for bringing this issue to our attention.  Lotus
    > takes all reports of this nature very seriously and we will investigate
    > immediately.
    > For future reference, may I ask that you contact us at
    > Senior Product Manager, Notes and Domino Security
    > Lotus Development Corporation

  Accessing the following URL, the JavaScript code will be executed
  in the browser on the server's domain.<img%20src=javascript:alert(document.domain)>

  This page produces output like this:
  Error 404
  HTTP Web Server: Couldn't find design note - ******

  Lotus-Domino Release 5.0.6a
  ******: The JavaScript code is executed here.

  This vulnerability is quite similar to "IIS cross-site scripting
  vulnerabilities (MS00-060)" reported by Microsoft on August 25, 2000.

  For the detail about cross-site scripting, see the following pages.

  Customize error pages.

Hiromitsu Takagi, Ph.D.
National Institute of Advanced Industrial Science and Technology,
Tsukuba Central 2, 1-1-1, Umezono, Tsukuba, Ibaraki 305-8568, Japan


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC