CVE-2002-2191

Lotus Domino <5.0.9a - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2191. PoCs published by Frank Perreault.

AI-analyzed exploit summary The exploit describes an information disclosure vulnerability in Lotus Domino Server where requesting a non-existent NSF database reveals sensitive filesystem layout information. This occurs when 'DominoNoBanner' is set to '1', allowing remote attackers to gather reconnaissance data.

Description

Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Frank Perreault · textremotemultiple
https://www.exploit-db.com/exploits/21996

The exploit describes an information disclosure vulnerability in Lotus Domino Server where requesting a non-existent NSF database reveals sensitive filesystem layout information. This occurs when 'DominoNoBanner' is set to '1', allowing remote attackers to gather reconnaissance data.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Lotus Domino Server
No auth needed
Prerequisites: Lotus Domino Server with 'DominoNoBanner' set to '1'
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6128
Exploit vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10557.php

Scores

EPSS 0.0293
EPSS Percentile 85.4%

Details

Status published
Products (3)
lotus/domino 5.0.8
lotus/domino 5.0.9
lotus/domino 5.0.9a
Published Dec 31, 2002
Tracked Since Feb 18, 2026