CVE-2007-0977

IBM Lotus Domino R5-R6 WebMail - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-0977. PoCs published by Marco Ivaldi, including Metasploit module auxiliary/scanner/lotus/lotus_domino_hashes.

AI-analyzed exploit summary This script exploits CVE-2007-0977 to dump sensitive information, including password hashes, from Lotus Domino R5/R6 WebMail by querying the names.nsf database via HTTP requests. It automates the extraction of hidden form fields containing user credentials and metadata.

Description

IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Marco Ivaldi · bashremotewindows
https://www.exploit-db.com/exploits/3302

This script exploits CVE-2007-0977 to dump sensitive information, including password hashes, from Lotus Domino R5/R6 WebMail by querying the names.nsf database via HTTP requests. It automates the extraction of hidden form fields containing user credentials and metadata.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Lotus Domino R5/R6 WebMail
No auth needed
Prerequisites: Lotus Domino R5/R6 WebMail with 'Generate HTML for all fields' enabled · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb

This Metasploit auxiliary module exploits an information disclosure vulnerability in Lotus Domino to extract password hashes from the names.nsf database. It supports both authenticated and unauthenticated access, depending on server configuration.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: IBM Lotus Domino (versions affected by CVE-2007-0977)
No auth needed
Prerequisites: Network access to Lotus Domino server · names.nsf accessible via HTTP/HTTPS
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35764
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3302

Scores

EPSS 0.7012
EPSS Percentile 98.7%

Details

Status published
Products (2)
ibm/lotus_domino 5.0
ibm/lotus_domino 6.0
Published Feb 16, 2007
Tracked Since Feb 18, 2026