search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Lotus Domino vulnerable to DoS via many large connects sent to 63148/TCP

Vulnerability Note VU#555464

Original Release Date: 2001-07-12 | Last Revised: 2001-07-17


The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service.


A continuous stream of "connect" requests with a payload of 10K of data to TCP port 63148 (DIIOP - CORBA) will result in 100% CPU usage, the hard disk constantly being written to, and the memory slowly filling. The CPU usage will remain at 100% long after the attack is over.


Intruders can consume disk space, memory, and CPU cycles, possibly interrupting the normal operations of the Domino server.


Upgrade to Notes/Domino 5.0.7 or later. See

Restrict access to port 63148 to trusted users if possible using a firewall or router. Change the default DIIOP listening port from 63148.

Vendor Information


Lotus Affected

Notified:  October 16, 2000 Updated: July 12, 2001



Vendor Statement

[We] have addressed the issues reported to us by Defcom in R5.0.7

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


See also

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



Our thanks to Defcom Labs, which published an advisory on this and other problems, available at

This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.

Other Information

CVE IDs: None
Severity Metric: 4.25
Date Public: 2001-04-11
Date First Published: 2001-07-12
Date Last Updated: 2001-07-17 19:13 UTC
Document Revision: 22

Sponsored by CISA.