Vulnerability Note VU#332299
Lotus Domino R5 Server vulnerable to DoS via nmap RPC scan on port 443/tcp
Versions earlier than 5.0.9 of Lotus Domino R5 Servers with Secure Socket Layer (SSL) enabled are vulnerable to a denial of sevice.
A remote user is able to crash the HTTP serving process on any Lotus Domino R5 Server using the nmap utility. Sending a request to port 443, the browser SSL port, will cause the HTTP server to stop responding.
A denial of service is caused.
Disable SSL. Apply an application layer filter to block scans connections to port 443.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Lotus||Affected||28 Jun 2001||17 Jul 2001|
CVSS Metrics (Learn More)
Our thanks to Mike Priest, who discovered this problem and reported it to Lotus and the CERT/CC.
This document was written by Jason Rafail.
- CVE IDs: Unknown
- Date Public: 30 Nov 2001
- Date First Published: 04 Dec 2001
- Date Last Updated: 04 Dec 2001
- Severity Metric: 7.51
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.