{"vuid":"VU#355169","idnumber":"355169","name":"Lotus Domino Web Server vulnerable to denial of service via incomplete POST request","keywords":["Lotus Domino Web Server","DoS","denial of service","POST request","nhttp.exe","KSPR5HTQHS"],"overview":"Lotus Domino Web Server is an application that provides access to Lotus Notes databases via HTTP requests. A vulnerability exists that could permit a remote attacker to cause a denial-of-service situation for HTTP requests.","clean_desc":"Lotus Domino Web Server contains a vulnerability in the nhttp.exe application that could permit a remote attacker to cause a denial-of-service situation when generating incomplete HTTP POST requests. This vulnerability was reportedly discovered using a Windows 2000 (SP3) machine running Domino Release 6.0. Further information is available in NGSSoftware advisory NISR17022003b and in IBM Technote 1104528 (SPR# KSPR5HTQHS). This vulnerability is addressed in Domino Releases 6.0.1 and 5.0.12.","impact":"A remote attacker may cause a denial-of-service situation for HTTP requests.","resolution":"Upgrade to Domino Release 6.0.1 or 5.0.12.","workarounds":"There are no known workarounds for this vulnerability.","sysaffected":"","thanks":"Thanks to Mark Litchfield of NGS Software for reporting this vulnerability.","author":"This document was written by Jason A Rafail.","public":["http://www.nextgenss.com/advisories/lotus-60dos.txt","http://www-1.ibm.com/support/docview.wss?uid=swg21104528","http://www-1.ibm.com/support/docview.wss?uid=swg27003694","http://www-1.ibm.com/services/continuity/recover1.nsf/4699c03b46f2d4f68525678c006d45ae/85256a3400529a8685256cd7007ad897?OpenDocument","http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-DMNTSRVRi&S_TACT=&S_CMP=&sb=r"],"cveids":[""],"certadvisory":"CA-2003-11","uscerttechnicalalert":null,"datecreated":"2003-01-15T16:15:47Z","publicdate":"2003-02-17T00:00:00Z","datefirstpublished":"2003-02-21T19:40:40Z","dateupdated":"2003-03-26T17:16:42Z","revision":17,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"3","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"3.7125","cam_scorecurrentwidelyknown":"10.125","cam_scorecurrentwidelyknownexploited":"16.875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.7125,"vulnote":null}