Unrated severityNVD Advisory· Published Dec 31, 2001· Updated Apr 16, 2026

CVE-2001-1567

Description

Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.

Affected products

IBM/Lotus Domino11 versions
cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:5.0.4:*:solaris:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:5.0.7:*:solaris:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*
IBM/Lotus Domino Server
cpe:2.3:a:ibm:lotus_domino_server:*:*:*:*:*:*:*:*
Range: <=5.0.9a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.nextgenss.com/papers/hpldws.pdfnvdVendor Advisory
marc.infonvd
marc.infonvd
marc.infonvd
www.iss.net/security_center/static/8072.phpnvd
www.securityfocus.com/bid/4022nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000