The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service situation.
Sending a crafted GET request containing numerous unicode characters can trigger a server exception that will crash the Domino server. If qnc.exe is removed from the system, the crash will only affect the web server.
A server exception will crash the Domino server resulting in a denial of service.
Install an application layer filter to detect and block malicious requests.
Our thanks to Defcom Labs, who published an advisory on this and other problems, available at http://www.securityfocus.com/frames/?content=/templates/advisory.html?id=3208.
This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.
|Date First Published:||2001-07-23|
|Date Last Updated:||2001-07-26 13:09 UTC|