Vulnerability Note VU#555464
Lotus Domino vulnerable to DoS via many large connects sent to 63148/TCP
The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service.
A continuous stream of "connect" requests with a payload of 10K of data to TCP port 63148 (DIIOP - CORBA) will result in 100% CPU usage, the hard disk constantly being written to, and the memory slowly filling. The CPU usage will remain at 100% long after the attack is over.
Intruders can consume disk space, memory, and CPU cycles, possibly interrupting the normal operations of the Domino server.
Restrict access to port 63148 to trusted users if possible using a firewall or router. Change the default DIIOP listening port from 63148.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Lotus||Affected||16 Oct 2000||12 Jul 2001|
CVSS Metrics (Learn More)
- VU#601312 VU#676552 VU#890128 VU#642760
Our thanks to Defcom Labs , which published an advisory on this and other problems, available at http://www.securityfocus.com/frames/?content=/templates/advisory.html?id=3208.
This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.
- CVE IDs: Unknown
- Date Public: 11 Apr 2001
- Date First Published: 12 Jul 2001
- Date Last Updated: 17 Jul 2001
- Severity Metric: 4.25
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.