Overview
Versions earlier than 5.0.9 of Lotus Domino R5 Servers with Secure Socket Layer (SSL) enabled are vulnerable to a denial of sevice.
Description
A remote user is able to crash the HTTP serving process on any Lotus Domino R5 Server using the nmap utility. Sending a request to port 443, the browser SSL port, will cause the HTTP server to stop responding. |
Impact
A denial of service is caused. |
Solution
Disable SSL. Apply an application layer filter to block scans connections to port 443. |
Vendor Information
332299
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Our thanks to Mike Priest, who discovered this problem and reported it to Lotus and the CERT/CC.
This document was written by Jason Rafail.
Other Information
| CVE IDs: | None |
| Severity Metric: | 7.51 |
| Date Public: | 2001-11-30 |
| Date First Published: | 2001-12-04 |
| Date Last Updated: | 2001-12-04 16:29 UTC |
| Document Revision: | 14 |