Lotus Software
Information for VU#355169
| Date Notified: | 2003-01-15 |
| Date Updated: | |
| Statement Date: | |
| Status Summary: | Vulnerable |
Vendor Statement
NGSS Advisory Title: Lotus Domino Denial of Service Attacks
NGSS reference: NISR17022003d http://www.nextgenss.com/advisories/lotus-60dos.txt
SPR#KSPR5HTQHS
Status 5.x: Fixed in 5.0.12
Status 6.0: Fixed in 6.0.1
Document #: 1104528
Technote: http://www.ibm.com/support/docview.wss?rs=463&uid=swg21104528
CERT Reference: VU#355169

Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.

Addendum
<http://www.ibm.com/support/docview.wss?rs=463&uid=swg21104528>
Lotus Domino Denial of Service Attacks; reported by NGSS
Technote

Problem
Certain incomplete or overly long POST requests can cause the HTTP server task to fail. This vulnerability can be exploited by a malicious user to bring down the Web server task. The server does not crash, but the HTTP task needs to be restarted.

Solution
This issue was reported to Lotus Software Quality Engineering and has been addressed in Domino 5.0.12 and Domino 6.0.1.
Customers running 5.0x servers should upgrade to 5.0.12 or later to resolve the problem. Customers running 6.0 servers should upgrade to 6.0.1 or later to resolve the problem.
Excerpt from the Lotus Notes and Lotus Domino Release 5.0.12 and 6.0.1 Fix List
(available from http://www.lotus.com/ldd):
SPR# KSPR5HTQHS - Fixed a potential Denial of Service Attack.
Related URLs:
NGSS Advisory # NISR17022003d: http://www.nextgenss.com/advisories/lotus-60dos.txt
CERT VU# 355169: http://www.kb.cert.org/vuls