To exploit this vulnerability, an attacker must establish an HTTP connection with an affected system and send a malicious request. Where a site restricts external access to affected systems, an attacker may need to gain internal network access before performing an exploit. An exploit resulting in the successful execution of arbitrary code with elevated privileges could allow the attacker to gain complete control over the affected system. Because systems may hold sensitive user information, such as user mail stores, an attacker could access confidential information as part of an exploit. The compromise of an affected system may also allow the attacker to launch further attacks against an affected site.
The extended impact of this vulnerability depends directly on the platform on which the affected software is running. The Lotus Domino Web server is commonly installed with elevated privileges on Microsoft Windows-based systems, making the impact on such a system severe. The privileges granted to the Domino Web service on Linux and Unix-based systems depend on the particular installation; in general, however, a reduced-privilege account is used to run the affected service.
Vendor-provided CVSS scoring addresses only the availability impact of this vulnerability. This may indicate that code execution as a result of an exploit may be technically difficult or unproven. The vendor's scoring also indicates the existence of proof-of-concept code that is related to this vulnerability, but no proof-of-concept is known to exist publicly. However, sufficient information to perform an exploit has been publicly released.