
CERT Coordination Center


Lotus Domino vulnerable to DoS via crafted unicode GET request

Vulnerability Note VU#676552

Original Release Date: 2001-07-23 | Last Revised: 2001-07-26

Overview

The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service.

Description

Sending a crafted GET request containing numerous Unicode characters can trigger a server exception that will crash the Domino server. If qnc.exe is removed from the system, the crash will affect only the web server.

Impact

A server exception will crash the Domino server, resulting in a denial of service.

Solution

Upgrade to Notes/Domino 5.0.7 or later. See http://www.notes.net/qmrdown.nsf/QMRWelcome.

Install an application layer filter to detect and block malicious requests.
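
As an added example (not part of the original note or of any Lotus or CERT code), the following sketch shows the kind of check such an application layer filter could apply to each request line before it reaches Domino. The note does not say how the characters are encoded or how many are needed, so the three encodings counted here and the limit of 32 are assumptions to be tuned per application.

```python
import re

# Assumed policy value: the note only says "numerous"; tune per application.
MAX_UNICODE_CHARS = 32

_PCT_U = re.compile(rb"%u[0-9a-fA-F]{4}")         # non-standard %uXXXX escapes
_PCT_HI = re.compile(rb"%[89a-fA-F][0-9a-fA-F]")  # percent-encoded bytes >= 0x80


def count_unicode(target: bytes) -> int:
    """Count non-ASCII characters in a request target, raw or escaped."""
    n_escaped = len(_PCT_U.findall(target))
    rest = _PCT_U.sub(b"", target)
    # Turn %80..%FF into raw bytes so multi-byte UTF-8 sequences count once.
    rest = _PCT_HI.sub(lambda m: bytes([int(m.group()[1:], 16)]), rest)
    # Invalid sequences decode to U+FFFD, so malformed bytes are counted too.
    text = rest.decode("utf-8", errors="replace")
    return n_escaped + sum(1 for ch in text if ord(ch) > 0x7F)


def should_block(request_line: bytes, limit: int = MAX_UNICODE_CHARS) -> bool:
    """Return True if the request line should be rejected by the filter."""
    parts = request_line.split(b" ")
    if len(parts) != 3:
        return True  # malformed request line: reject instead of forwarding
    _method, target, _version = parts
    # The note reports GET; the limit is applied to every method here.
    return count_unicode(target) > limit


if __name__ == "__main__":
    # Constructed sample request lines, not captured traffic.
    samples = [
        b"GET /names.nsf?OpenDatabase HTTP/1.0",
        b"GET /caf%C3%A9.nsf HTTP/1.0",
        b"GET /" + b"%u00e9" * 40 + b" HTTP/1.0",
        b"GET /" + "\u00e9".encode("utf-8") * 40 + b" HTTP/1.0",
    ]
    for line in samples:
        verdict = "BLOCK" if should_block(line) else "pass"
        print(verdict, count_unicode(line.split(b" ")[1]), line[:40])
```

Logging the blocked request lines together with the source address gives a detection signal in addition to the block itself.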

Vendor Information


Lotus

Notified: October 16, 2000 | Updated: July 12, 2001

Status

  Vulnerable

Vendor Statement

[We] have addressed the issues reported to us by Defcom in R5.0.7

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See also http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?OpenDocument

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

Credit

Our thanks to Defcom Labs, who published an advisory on this and other problems, available at http://www.securityfocus.com/frames/?content=/templates/advisory.html?id=3208.

This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.

Other Information

CVE IDs: None
Severity Metric: 10.50
Date Public: 2001-04-11
Date First Published: 2001-07-23
Date Last Updated: 2001-07-26 13:09 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.