Vulnerability Note VU#555464

Lotus Domino vulnerable to DoS via many large connects sent to 63148/TCP

Original Release date: 12 Jul 2001 | Last revised: 17 Jul 2001


The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service.


A continuous stream of "connect" requests with a payload of 10K of data to TCP port 63148 (DIIOP - CORBA) will result in 100% CPU usage, the hard disk constantly being written to, and the memory slowly filling. The CPU usage will remain at 100% long after the attack is over.


Intruders can consume disk space, memory, and CPU cycles, possibly interrupting the normal operations of the Domino server.


Upgrade to Notes/Domino 5.0.7 or later. See

Restrict access to port 63148 to trusted users if possible using a firewall or router. Change the default DIIOP listening port from 63148.
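To check whether a server is being hit with the traffic pattern described above, the following Python code (an added example, not part of the original note or of any Lotus or Defcom tooling) scans connection records for sources sending many large connects to the DIIOP port. The record format (`epoch_seconds src_ip dst_port client_bytes`), the 60-second window, the threshold of 20 connects and the sample addresses are assumptions; only the port and the 10K payload size come from the note.

```python
from collections import defaultdict, deque

DIIOP_PORT = 63148        # default DIIOP port named in the note
MIN_PAYLOAD = 10 * 1024   # "10K of data" per connect, per the note
WINDOW_SECONDS = 60       # assumption: sliding window length
MAX_LARGE_CONNECTS = 20   # assumption: large connects tolerated per source per window


def constructed_sample():
    """Constructed flow log: one burst sender, one slow sender, one normal client."""
    lines = [f"{1000 + i} 192.0.2.50 63148 10240" for i in range(40)]           # burst
    lines += [f"{1000 + 10 * i} 198.51.100.7 63148 10240" for i in range(40)]   # slow
    lines += [f"{1000 + i} 203.0.113.9 63148 512" for i in range(40)]           # small
    lines += [f"{1000 + i} 203.0.113.9 80 20480" for i in range(40)]            # other port
    lines.append("garbage line")                                                # malformed
    return "\n".join(lines)


def parse_flows(text):
    """Yield (ts, src, dport, nbytes) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield int(parts[0]), parts[1], int(parts[2]), int(parts[3])
        except ValueError:
            continue


def find_flooders(flows, port=DIIOP_PORT):
    """Return {src: peak count} for sources over the threshold in any window."""
    recent = defaultdict(deque)   # src -> timestamps of recent large connects
    peaks = {}
    for ts, src, dport, nbytes in sorted(flows):
        if dport != port or nbytes < MIN_PAYLOAD:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= WINDOW_SECONDS:   # drop connects that left the window
            q.popleft()
        if len(q) > MAX_LARGE_CONNECTS:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks


if __name__ == "__main__":
    for src, peak in find_flooders(parse_flows(constructed_sample())).items():
        print(f"{src}: {peak} large connects to port {DIIOP_PORT} within {WINDOW_SECONDS}s")
```

If the DIIOP listener has been moved off the default port as suggested above, pass the new port number as the `port` argument.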

Systems Affected

Vendor | Status | Date Notified | Date Updated
Lotus | Affected | 16 Oct 2000 | 12 Jul 2001

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A



Our thanks to Defcom Labs, which published an advisory on this and other problems, available at

This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.

Other Information

  • CVE IDs: Unknown
  • Date Public: 11 Apr 2001
  • Date First Published: 12 Jul 2001
  • Date Last Updated: 17 Jul 2001
  • Severity Metric: 4.25
  • Document Revision: 22

