CVE-2000-1117

Published: Jan 9, 2001Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.

Affected (1)

Products: Ibm: Lotus Notes

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Lotus Notes	Version r5

Related CWEs

Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (4)

http://archives.neohapsis.com/archives/bugtraq/2000-11/0341.html

Source: cve@mitre.org

Broken Link

http://www.securityfocus.com/bid/1994

Source: cve@mitre.org

Broken LinkExploitThird Party AdvisoryVDB EntryVendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2000-11/0341.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securityfocus.com/bid/1994

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkExploitThird Party AdvisoryVDB EntryVendor Advisory

Timeline

No history available yet.