search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Lotus Domino vulnerable to DoS via crafted unicode GET request

Vulnerability Note VU#676552

Original Release Date: 2001-07-23 | Last Revised: 2001-07-26


The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service situation.


Sending a crafted GET request containing numerous unicode characters can trigger a server exception that will crash the Domino server. If qnc.exe is removed from the system, the crash will only affect the web server.


A server exception will crash the Domino server resulting in a denial of service.


Upgrade to Notes/Domino 5.0.7 or later. See

Install an application layer filter to detect and block malicious requests.

Vendor Information

Affected   Unknown   Unaffected


Notified:  October 16, 2000 Updated:  July 12, 2001



Vendor Statement

[We] have addressed the issues reported to us by Defcom in R5.0.7

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


See also

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A



Our thanks to Defcom Labs , who published an advisory on this and other problems, available at

This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.

Other Information

CVE IDs: None
Severity Metric: 10.50
Date Public: 2001-04-11
Date First Published: 2001-07-23
Date Last Updated: 2001-07-26 13:09 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.