Title: Lotus Domino R5 Server GET Request DoS Vulnerability
Severity: MODERATE
Description:
Lotus Domino is a multiplatform web server which integrates messaging and various interactive web applications.
Because of the way Lotus Domino Server R5 handles unusual GET requests, a remote user can exhaust system resources on a host running a version prior to 5.0.7.
Submitting a GET request composed of an arbitrary string of Unicode (16-bit) characters causes the server, and possibly other applications that depend on it, to stop responding.
The server must be restarted to restore normal functionality.
The qnc.exe file regulates the virtual memory of a host running Lotus. It has been reported that, following the removal of this file, only the performance of the web server will be affected by an attack of this type.
Affected Products:
- Lotus Domino 5.0.1
- Lotus Domino 5.0.2
- Lotus Domino 5.0.3
- Lotus Domino 5.0.4
- Lotus Domino 5.0.5
- Lotus Domino 5.0.6