Vulnerability Note VU#890128
Lotus Domino vulnerable to a denial of service via DOS device request
The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial-of-service situation on the Windows and OS/2 Platforms.
The Lotus Domino Web Server allows requests that reference DOS devices. If such a request is made through the cgi-bin directory, an ncgihttp.exe process is started to handle the execution of the request. A flaw exists where this processing never finishes. After numerous requests have been made, the server will no longer respond to requests on TCP port 80.
A denial of service results on Windows and OS/2 platforms.
If possible, disable access to DOS devices through the web server's cgi-bin directory. An application-layer filter may be able to detect and block such requests.
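One way to implement the application-layer check suggested above, as an added example that is not part of the original advisory or any Lotus code: it flags request targets under cgi-bin whose path segment resolves to a DOS device, including percent-encoded and mixed-case forms. The device list is the standard DOS/Windows reserved names; the `/cgi-bin/` prefix, the Common Log Format input and the sample lines are assumptions.

```python
import re
from urllib.parse import unquote

# Standard DOS/Windows reserved device names (assumption: the advisory does
# not list which devices are affected, so all of them are treated as suspect).
DOS_DEVICES = ({"CON", "PRN", "AUX", "NUL", "CLOCK$"}
               | {f"COM{i}" for i in range(1, 10)}
               | {f"LPT{i}" for i in range(1, 10)})

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')


def is_dos_device_request(target: str, prefix: str = "/cgi-bin/") -> bool:
    """Return True if a request target under `prefix` names a DOS device."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):  # decode repeatedly so double encoding (%2563on) is caught
        path = unquote(path)
    path = path.replace("\\", "/")
    if not path.lower().startswith(prefix):
        return False
    for segment in path[len(prefix):].split("/"):
        # "nul.pl", "CON:" and "aux " all resolve to the device itself.
        stem = re.split(r"[.:]", segment, maxsplit=1)[0].strip().upper()
        if stem in DOS_DEVICES:
            return True
    return False


def scan_log(lines):
    """Yield (line_number, target) for log lines to block or alert on."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_dos_device_request(match.group("target")):
            yield number, match.group("target")


# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jul/2001:10:00:01 +0000] "GET /cgi-bin/search.pl?q=con HTTP/1.0" 200 512',
    '192.0.2.11 - - [12/Jul/2001:10:00:02 +0000] "GET /cgi-bin/%61ux HTTP/1.0" 200 0',
    '192.0.2.11 - - [12/Jul/2001:10:00:03 +0000] "GET /cgi-bin/Com1.pl HTTP/1.0" 200 0',
    '192.0.2.12 - - [12/Jul/2001:10:00:04 +0000] "GET /help/console.nsf HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for number, target in scan_log(SAMPLE_LOG):
        print(f"line {number}: DOS device request {target}")
```

The same `is_dos_device_request` check can sit in a reverse proxy or request hook to reject matching requests before they reach the Domino server.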
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|--------|--------|---------------|--------------|
| Lotus | Affected | 16 Oct 2000 | 12 Jul 2001 |
- VU#601312 VU#676552 VU#555464 VU#642760
Our thanks to Defcom Labs, who published an advisory on this and other problems, available at http://www.securityfocus.com/frames/?content=/templates/advisory.html?id=3208.
This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.
- CVE IDs: Unknown
- Date Public: 11 Apr 2001
- Date First Published: 12 Jul 2001
- Date Last Updated: 12 Jul 2001
- Severity Metric: 5.07
- Document Revision: 18