| VID |
22200 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Lotus Domino Web server, according to its version number, has a buffer overflow vulnerability in performing a redirect operation. This vulnerability can be exploited by a remote attacker to gain control of affected servers.
When the server receives an overly long "Host:" header value, the server builds the 302 Redirect response and implants this value into the "Location" server header. It can cause a buffer overflow on the server and execute arbitrary code on the system with elevated privileges.
* Note: This check solely relied on the version number of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.nextgenss.com/advisories/lotus-hostlocbo.txt
http://www.kb.cert.org/vuls/id/772817
* Platforms Affected:
Lotus Domino 6.0 Release |
| Recommendation |
Upgrade to the latest version of Lotus Domino (6.0.1 or later), available from the IBM Web site:
http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-DMNTSRVRi&S_TACT=&S_CMP=&sb=r |
| Related URL |
CVE-2003-0178 (CVE) |
| Related URL |
6870 (SecurityFocus) |
| Related URL |
11337 (ISS) |
|
