CVE-2001-0846 in Domino

Summary

by MITRE

Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).

Analysis

by VulDB Data Team • 10/03/2025

The vulnerability described in CVE-2001-0846 represents a critical security flaw in IBM Lotus Domino 5.x email and collaboration server software that enables remote attackers to gain unauthorized access to sensitive system resources. This vulnerability specifically targets the Web Administrator template file known as webadmin.ntf, which serves as a critical administrative component within the Domino environment. The flaw exists in the server's handling of requests for ReplicaID information, which is a unique identifier used by Domino to track database replication across multiple servers. When an attacker makes a specially crafted request for the ReplicaID of the webadmin.ntf template, the server inadvertently reveals information that can be exploited to read arbitrary files or execute code on the target system.

The technical nature of this vulnerability stems from inadequate input validation and access control mechanisms within the Lotus Domino server implementation. The webadmin.ntf file contains administrative functions and configuration data that should be protected from unauthorized access. However, the server's response to ReplicaID requests does not properly authenticate or authorize the requester, allowing any remote attacker to obtain the necessary information to escalate privileges. This type of vulnerability falls under the category of information disclosure and privilege escalation, with direct implications for the confidentiality, integrity, and availability of the affected system. The vulnerability operates at the application layer and can be exploited through standard network protocols, making it particularly dangerous as it requires no special privileges or local access to initiate the attack.

The operational impact of this vulnerability is severe and multifaceted, as it provides attackers with the capability to read sensitive files from the server filesystem and execute arbitrary code with the privileges of the Domino service account. This could lead to complete system compromise, allowing attackers to access email databases, administrative credentials, and other confidential information stored within the Domino environment. The vulnerability affects the core functionality of the Lotus Domino server and could result in data breaches, unauthorized access to corporate communications, and potential disruption of business operations. Organizations using Lotus Domino 5.x systems were particularly vulnerable since this was a known issue in older versions that lacked proper security hardening. The attack vector is straightforward and can be automated, making it attractive to malicious actors seeking to exploit legacy systems.

The vulnerability aligns with CWE-200 (Information Disclosure) and CWE-78 (OS Command Injection) categories, demonstrating how improper handling of template replication identifiers can lead to multiple security issues. From an attacker's perspective, this vulnerability maps to several ATT&CK techniques including T1083 (File and Directory Discovery) and T1059 (Command and Scripting Interpreter) as attackers can use the information disclosure to locate sensitive files and then leverage the code execution capability to gain further access. Organizations should implement immediate mitigations including applying the relevant IBM security patches, restricting network access to Domino servers, implementing proper access controls for template files, and conducting thorough security assessments of legacy systems. The vulnerability highlights the importance of proper template management and replication control in enterprise email systems, emphasizing that administrative components must be protected from unauthorized access through robust authentication and authorization mechanisms.
