IBM Lotus Domino Web Server Unspecified Remote Denial of Service Vulnerability
TITLE: IBM Lotus Domino Web Server Unspecified Remote Denial of Service Vulnerability
CLASS: Failure to Handle Exceptional Conditions
CVE: CVE-2007-0067
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 04 2007 12:00AM
UPDATE: Jun 04 2007 12:00AM
CREDIT: The vendor disclosed this issue.
VULNERABLE:
IBM Lotus Domino 7.0.2 FP1
IBM Lotus Domino 7.0.2
IBM Lotus Domino 7.0.1
IBM Lotus Domino 7.0
IBM Lotus Domino 6.5.5 FP2
IBM Lotus Domino 6.5.5 FP1
IBM Lotus Domino 6.5.5
IBM Lotus Domino 6.5.4 FP2
IBM Lotus Domino 6.5.4 FP1
IBM Lotus Domino 6.5.4
IBM Lotus Domino 6.5.3
IBM Lotus Domino 6.5.2
IBM Lotus Domino 6.5.1
IBM Lotus Domino 6.5.0
IBM Lotus Domino 6.0.5
IBM Lotus Domino 6.0.4
IBM Lotus Domino 6.0.3
IBM Lotus Domino 6.0.2 CF2
IBM Lotus Domino 6.0.2
IBM Lotus Domino 6.0.1
IBM Lotus Domino 6.0
NOT VULNERABLE:
IBM Lotus Domino 7.0.3
IBM Lotus Domino 7.0.2 FP2
IBM Lotus Domino 6.5.6
IBM Lotus Domino 6.5.5 FP3
Go to the original page on Security Focus
Discussion
The webserver included with IBM Lotus Domino is prone to a remote denial-of-service vulnerability because the software fails to properly handle certain HTTP requests.
Successfully exploiting this issue allows remote attackers to crash affected webservers, denying further service to legitimate users.
This issue is a regression introduced in version 6.0 of Lotus Domino.
Exploit
Attackers may use a browser to exploit this issue.
Solution
The vendor released updates to address this issue. Please see the references for more information.
References
- Lotus Domino Product Homepage (IBM)
- Accessing certain URLs can cause the IBM Lotus Domino Web Server to crash (IBM)