Overview
Lotus Domino Web Server is an application that provides access to Lotus Notes databases via HTTP requests. A vulnerability exists that could permit a remote attacker to cause a denial-of-service situation for HTTP requests.
Description
Lotus Domino Web Server contains a vulnerability in the nhttp.exe application that could permit a remote attacker to cause a denial-of-service situation when generating incomplete HTTP POST requests. This vulnerability was reportedly discovered using a Windows 2000 (SP3) machine running Domino Release 6.0. Further information is available in NGSSoftware advisory NISR17022003b and in IBM Technote 1104528 (SPR# KSPR5HTQHS). This vulnerability is addressed in Domino Releases 6.0.1 and 5.0.12. |
Impact
A remote attacker may cause a denial-of-service situation for HTTP requests. |
Solution
There are no known workarounds for this vulnerability. |
Vendor Information
Lotus Software Affected
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.nextgenss.com/advisories/lotus-60dos.txt
- http://www-1.ibm.com/support/docview.wss?uid=swg21104528
- http://www-1.ibm.com/support/docview.wss?uid=swg27003694
- http://www-1.ibm.com/services/continuity/recover1.nsf/4699c03b46f2d4f68525678c006d45ae/85256a3400529a8685256cd7007ad897?OpenDocument
- http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-DMNTSRVRi&S_TACT=&S_CMP=&sb=r
Acknowledgements
Thanks to Mark Litchfield of NGS Software for reporting this vulnerability.
This document was written by Jason A Rafail.
Other Information
| CVE IDs: | None |
| CERT Advisory: | CA-2003-11 |
| Severity Metric: | 3.71 |
| Date Public: | 2003-02-17 |
| Date First Published: | 2003-02-21 |
| Date Last Updated: | 2003-03-26 17:16 UTC |
| Document Revision: | 17 |