Versions earlier than 5.0.9 of Lotus Domino R5 Servers with Secure Socket Layer (SSL) enabled are vulnerable to a denial of sevice.
A remote user is able to crash the HTTP serving process on any Lotus Domino R5 Server using the nmap utility. Sending a request to port 443, the browser SSL port, will cause the HTTP server to stop responding.
A denial of service is caused.
Disable SSL. Apply an application layer filter to block scans connections to port 443.
Our thanks to Mike Priest, who discovered this problem and reported it to Lotus and the CERT/CC.
This document was written by Jason Rafail.
|Date First Published:||2001-12-04|
|Date Last Updated:||2001-12-04 16:29 UTC|