Vulnerability Note VU#676552

Lotus Domino vulnerable to DoS via crafted unicode GET request

Original Release date: 23 Jul 2001 | Last revised: 26 Jul 2001


The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service situation.


Sending a crafted GET request containing numerous unicode characters can trigger a server exception that will crash the Domino server. If qnc.exe is removed from the system, the crash will only affect the web server.


A server exception will crash the Domino server resulting in a denial of service.


Upgrade to Notes/Domino 5.0.7 or later. See

Install an application layer filter to detect and block malicious requests.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
LotusAffected16 Oct 200012 Jul 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Our thanks to Defcom Labs , who published an advisory on this and other problems, available at

This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.

Other Information

  • CVE IDs: Unknown
  • Date Public: 11 Apr 2001
  • Date First Published: 23 Jul 2001
  • Date Last Updated: 26 Jul 2001
  • Severity Metric: 10.50
  • Document Revision: 14


If you have feedback, comments, or additional information about this vulnerability, please send us email.