Vulnerability Note VU#355169
Lotus Domino Web Server vulnerable to denial of service via incomplete POST request
Lotus Domino Web Server is an application that provides access to Lotus Notes databases via HTTP requests. A vulnerability exists that could permit a remote attacker to cause a denial-of-service situation for HTTP requests.
Lotus Domino Web Server contains a vulnerability in the nhttp.exe application that could permit a remote attacker to cause a denial-of-service situation when generating incomplete HTTP POST requests. This vulnerability was reportedly discovered using a Windows 2000 (SP3) machine running Domino Release 6.0.
A remote attacker may cause a denial-of-service situation for HTTP requests.
There are no known workarounds for this vulnerability.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Lotus Software||Affected||15 Jan 2003||17 Mar 2003|
CVSS Metrics (Learn More)
Thanks to Mark Litchfield of NGS Software for reporting this vulnerability.
This document was written by Jason A Rafail.
- CVE IDs: Unknown
- CERT Advisory: CA-2003-11
- Date Public: 17 Feb 2003
- Date First Published: 21 Feb 2003
- Date Last Updated: 26 Mar 2003
- Severity Metric: 3.71
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.