5

CVE-2005-2428

EPSS 6.32%
Veröffentlicht 03.08.2005 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Lotus Domino Version5.0

Ibm ≫ Lotus Domino Version6.0

Ibm ≫ Lotus Domino Version6.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.32%	0.906

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://marc.info/?l=bugtraq&m=112240869130356&w=2

http://secunia.com/advisories/16231/

Vendor Advisory

http://securitytracker.com/id?1014584

http://www-1.ibm.com/support/docview.wss?uid=swg21212934

Vendor Advisory

http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf

Vendor Advisory

http://www.osvdb.org/18462

http://www.securiteam.com/securitynews/5FP0E15GLQ.html

http://www.securityfocus.com/bid/14389

https://exchange.xforce.ibmcloud.com/vulnerabilities/21556

https://www.exploit-db.com/exploits/39495/

https://nvd.nist.gov/vuln/detail/CVE-2005-2428

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-2428

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-2428

EUVD