NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2005-2428

Summary	Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
Publication Date	Aug. 3, 2005, 1 p.m.
Registration Date	Jan. 29, 2021, 5:58 p.m.
Last Update	Sept. 10, 2017, 10:29 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:ibm:lotus_domino:5.0:::::::*
cpe:2.3:a:ibm:lotus_domino:6.0:::::::*
cpe:2.3:a:ibm:lotus_domino:6.5:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://marc.info/?l=bugtraq&m=112240869130356&w=2	BUGTRAQ
2	http://secunia.com/advisories/16231/	SECUNIA	Vendor Advisory
3	http://securitytracker.com/id?1014584	SECTRACK
4	http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf	MISC	Vendor Advisory
5	http://www.osvdb.org/18462	OSVDB
6	http://www.securiteam.com/securitynews/5FP0E15GLQ.html	MISC
7	http://www.securityfocus.com/bid/14389	BID
8	http://www-1.ibm.com/support/docview.wss?uid=swg21212934	CONFIRM	Vendor Advisory
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/21556	XF
10	https://www.exploit-db.com/exploits/39495/	EXPLOIT-DB

Common Vulnerabilities List