CVE-2001-0009

Lotus Domino 5.0.5 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-0009. PoCs published by Michael Smith, Georgi Guninski.

AI-analyzed exploit summary This Perl script tests for a directory traversal vulnerability in Lotus Domino Server 5.0.6 and earlier by sending crafted HTTP requests with various encoded paths to access the 'notes.ini' file. It does not exploit the vulnerability but scans for its presence.

Description

Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.

Exploits (2)

exploitdb SCANNER VERIFIED
by Michael Smith · perlremotemultiple
https://www.exploit-db.com/exploits/20529

This Perl script tests for a directory traversal vulnerability in Lotus Domino Server 5.0.6 and earlier by sending crafted HTTP requests with various encoded paths to access the 'notes.ini' file. It does not exploit the vulnerability but scans for its presence.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Lotus Domino Server 5.0.6 and earlier
No auth needed
Prerequisites: Network access to the target server · Lotus Domino Server running on port 80 or specified port
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Georgi Guninski · bashremotemultiple
https://www.exploit-db.com/exploits/20530

This script exploits a directory traversal vulnerability in Lotus Domino Server 5.0.6 and earlier by crafting an HTTP request with '.nsf/../' to access arbitrary files on the server. It uses lynx to fetch and display the contents of the specified file.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Lotus Domino Server 5.0.6 and earlier
No auth needed
Prerequisites: Lotus Domino Server 5.0.6 or earlier · Network access to the target server
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/1703
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5899
Patch mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/155124
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/154537
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2173

Scores

EPSS 0.0934
EPSS Percentile 94.7%

Details

Status published
Products (4)
lotus/domino_server 5.0.2
lotus/domino_server 5.0.3
lotus/domino_server 5.0.5
lotus/domino_server 5.0.6
Published Feb 12, 2001
Tracked Since Feb 18, 2026