Vulnerability Note VU#642760

Lotus Domino vulnerable to DoS via large crafted URL request

Original Release date: 12 Jul 2001 | Last revised: 17 Jul 2001


The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service.


HTTP requests to TCP port 80 consisting of multiple /'s, approximately 8k worth, will result in the consumption of the CPU (99-100%). Typically, 8k of the character "a" results in only 1% of CPU consumption.


CPU usage is pushed to maximum consumption, with a possible denial of service resulting.


Upgrade to Notes/Domino 5.0.7 or later. See

Install an application layer filter to detect and block malicious requests.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
LotusAffected16 Oct 200012 Jul 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Our thanks to Defcom Labs, which published an advisory on this and other problems, available at

This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.

Other Information

  • CVE IDs: Unknown
  • Date Public: 11 Apr 2001
  • Date First Published: 12 Jul 2001
  • Date Last Updated: 17 Jul 2001
  • Severity Metric: 10.50
  • Document Revision: 22


If you have feedback, comments, or additional information about this vulnerability, please send us email.