| VID | 22337 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description |
A Lotus Domino Server version older than 6.5.3 was detected running on the host. Lotus Domino versions prior to 6.5.3 are vulnerable to a denial of service caused by a flaw in the processing of certain HTTP GET requests in the NLSCCSTR.DLL module. By sending a specially crafted GET request with a long string of Unicode characters prefixed with /cgi-bin/, a remote attacker can crash the nHTTP.exe web service, denying service to legitimate users.
* Note: This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so the finding may be a false positive.
* References:
  * http://www.securityfocus.com/archive/1/395126
  * http://www.securitytracker.com/alerts/2005/Apr/1013656.html
  * http://www.idefense.com/application/poi/display?id=224&type=vulnerabilities
* Platforms Affected: IBM/Lotus Software Group, Lotus Domino versions prior to 6.5.3; any operating system, any version |
| Recommendation | Upgrade to the latest version of Lotus Domino Server (6.5.3 or later), available from the IBM Web site at http://www.lotus.com/products/product4.nsf/wdocs/dominohomepage |
| Related URL | CVE-2005-0986 (CVE) |
| Related URL | 13045 (SecurityFocus) |
| Related URL | 19994 (ISS) |