CVE-2007-0977
IBM Lotus Domino R5-R6 WebMail - Info Disclosure
Title source: llmDescription
IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Marco Ivaldi · bashremotewindows
https://www.exploit-db.com/exploits/3302
metasploit
WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb
Scores
EPSS
0.7012
EPSS Percentile
98.7%
Details
Status
published
Products (2)
ibm/lotus_domino
5.0
ibm/lotus_domino
6.0
Published
Feb 16, 2007
Tracked Since
Feb 18, 2026