IBM Lotus Domino Web Server Unspecified Remote Denial of Service Vulnerability
BID:24307
Info
IBM Lotus Domino Web Server Unspecified Remote Denial of Service Vulnerability
| Bugtraq ID: | 24307 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2007-0067 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 04 2007 12:00AM |
| Updated: | Feb 11 2008 09:16PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
IBM Lotus Domino 7.0.2 FP1 IBM Lotus Domino 7.0.2 IBM Lotus Domino 7.0.1 IBM Lotus Domino 7.0 IBM Lotus Domino 6.5.5 FP2 IBM Lotus Domino 6.5.5 FP1 IBM Lotus Domino 6.5.5 IBM Lotus Domino 6.5.4 FP 2 IBM Lotus Domino 6.5.4 FP 1 IBM Lotus Domino 6.5.4 IBM Lotus Domino 6.5.3 IBM Lotus Domino 6.5.2 IBM Lotus Domino 6.5.1 IBM Lotus Domino 6.5 .0 IBM Lotus Domino 6.0.5 IBM Lotus Domino 6.0.4 IBM Lotus Domino 6.0.4 IBM Lotus Domino 6.0.3 IBM Lotus Domino 6.0.2 CF2 IBM Lotus Domino 6.0.2 IBM Lotus Domino 6.0.1 IBM Lotus Domino 6.0 |
| Not Vulnerable: |
IBM Lotus Domino 7.0.3 IBM Lotus Domino 7.0.2 FP2 IBM Lotus Domino 6.5.6 IBM Lotus Domino 6.5.5 FP3 |
Discussion
IBM Lotus Domino Web Server Unspecified Remote Denial of Service Vulnerability
The webserver included with IBM Lotus Domino is prone to a remote denial-of-service vulnerability because the software fails to properly handle certain HTTP requests.
Successfully exploiting this issue allows remote attackers to crash affected webservers, denying further service to legitimate users.
This issue is a regression introduced in version 6.0 of Lotus Domino.
The webserver included with IBM Lotus Domino is prone to a remote denial-of-service vulnerability because the software fails to properly handle certain HTTP requests.
Successfully exploiting this issue allows remote attackers to crash affected webservers, denying further service to legitimate users.
This issue is a regression introduced in version 6.0 of Lotus Domino.
Exploit / POC
IBM Lotus Domino Web Server Unspecified Remote Denial of Service Vulnerability
Attackers may use a browser to exploit this issue.
DSquare Security has developed a working commercial exploit for its D2 Exploitation Pack product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Attackers may use a browser to exploit this issue.
DSquare Security has developed a working commercial exploit for its D2 Exploitation Pack product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
IBM Lotus Domino Web Server Unspecified Remote Denial of Service Vulnerability
Solution:
The vendor released updates to address this issue. Please see the references for more information.
Solution:
The vendor released updates to address this issue. Please see the references for more information.
References
IBM Lotus Domino Web Server Unspecified Remote Denial of Service Vulnerability
References:
References: