search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Lotus Domino vulnerable to DoS via large crafted URL request

Vulnerability Note VU#642760

Original Release Date: 2001-07-12 | Last Revised: 2001-07-17


The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service.


HTTP requests to TCP port 80 consisting of multiple /'s, approximately 8k worth, will result in the consumption of the CPU (99-100%). Typically, 8k of the character "a" results in only 1% of CPU consumption.


CPU usage is pushed to maximum consumption, with a possible denial of service resulting.


Upgrade to Notes/Domino 5.0.7 or later. See

Install an application layer filter to detect and block malicious requests.

Vendor Information

Expand all


Notified:  October 16, 2000 Updated:  July 12, 2001



Vendor Statement

[We] have addressed the issues reported to us by Defcom in R5.0.7

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


See also

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A



Our thanks to Defcom Labs , which published an advisory on this and other problems, available at

This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.

Other Information

CVE IDs: None
Severity Metric: 10.50
Date Public: 2001-04-11
Date First Published: 2001-07-12
Date Last Updated: 2001-07-17 19:17 UTC
Document Revision: 22

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.