The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service situation.
Sending a crafted GET request containing numerous unicode characters can trigger a server exception that will crash the Domino server. If qnc.exe is removed from the system, the crash will only affect the web server.
A server exception will crash the Domino server resulting in a denial of service.
Install an application layer filter to detect and block malicious requests.
Our thanks to Defcom Labs , who published an advisory on this and other problems, available at http://www.securityfocus.com/frames/?content=/templates/advisory.html?id=3208.
This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.
|Date First Published:||2001-07-23|
|Date Last Updated:||2001-07-26 13:09 UTC|