Vulnerability Note VU#642760
Lotus Domino vulnerable to DoS via large crafted URL request
The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service.
HTTP requests to TCP port 80 that consist of multiple "/" characters, approximately 8k worth, drive CPU consumption to 99-100%. By comparison, a request containing 8k of the character "a" typically results in only 1% CPU consumption.
CPU usage is pushed to its maximum, which can result in a denial of service.
Install an application layer filter to detect and block malicious requests.
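One way to express the application-layer check recommended above, as an added example that is not part of the original note or any vendor code: it inspects each HTTP request line for a long run of "/" characters and leaves long but ordinary URLs alone. The 16-character threshold, the function names and the sample request lines are assumptions; percent-decoding before the check is a conservative normalization choice.

```python
import re
from urllib.parse import unquote

# Assumed threshold (not from the advisory): set it above the longest
# run of "/" that any legitimate URL on your site contains.
MAX_SLASH_RUN = 16

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")
SLASH_RUN = re.compile(r"/+")


def longest_slash_run(text: str) -> int:
    """Length of the longest run of consecutive '/' characters in text."""
    return max((len(m.group()) for m in SLASH_RUN.finditer(text)), default=0)


def inspect_request_line(line: str) -> tuple[bool, str]:
    """Return (block, reason) for one HTTP request line."""
    m = REQUEST_LINE.match(line.strip())
    if not m:
        return True, "malformed request line"
    # Normalize first so a percent-encoded "/" (%2F) is counted as well.
    decoded = unquote(m.group("target"))
    run = longest_slash_run(decoded)
    if run > MAX_SLASH_RUN:
        return True, f"slash run of {run}"
    return False, "ok"


def filter_requests(lines):
    """Yield (line_number, reason) for every request line that should be blocked."""
    for number, line in enumerate(lines, start=1):
        block, reason = inspect_request_line(line)
        if block:
            yield number, reason


# Constructed sample request lines (not captured traffic).
SAMPLES = [
    "GET /help/readme.html?open HTTP/1.0",   # ordinary request
    "GET /" + "a" * 8192 + " HTTP/1.0",      # long, but not slash-heavy
    "GET " + "/" * 8192 + " HTTP/1.0",       # the pattern described in this note
    "GET /" + "%2F" * 4000 + " HTTP/1.0",    # same pattern, percent-encoded
]

if __name__ == "__main__":
    for number, reason in filter_requests(SAMPLES):
        print(f"block sample {number}: {reason}")
```
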
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Lotus|Affected|16 Oct 2000|12 Jul 2001|
- VU#601312 VU#676552 VU#890128 VU#555464
Our thanks to Defcom Labs, which published an advisory on this and other problems, available at http://www.securityfocus.com/frames/?content=/templates/advisory.html?id=3208.
This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.
- CVE IDs: Unknown
- Date Public: 11 Apr 2001
- Date First Published: 12 Jul 2001
- Date Last Updated: 17 Jul 2001
- Severity Metric: 10.50
- Document Revision: 22