{"vuid":"VU#555464","idnumber":"555464","name":"Lotus Domino vulnerable to DoS via many large connects sent to 63148/TCP","keywords":["Lotus","Domino","DIIOP","CORBA","63148/TCP"],"overview":"The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service.","clean_desc":"A continuous stream of \"connect\" requests with a payload of 10K of data to TCP port 63148 (DIIOP - CORBA) will result in 100% CPU usage, the hard disk constantly being written to, and the memory slowly filling. The CPU usage will remain at 100% long after the attack is over.","impact":"Intruders can consume disk space, memory, and CPU cycles, possibly interrupting the normal operations of the Domino server.","resolution":"Upgrade to Notes/Domino 5.0.7 or later. See http://www.notes.net/qmrdown.nsf/QMRWelcome.","workarounds":"Restrict access to port 63148  to trusted users if possible using a firewall or router. Change the default DIIOP listening port from 63148.","sysaffected":"","thanks":"Our thanks to \nDefcom Labs\n, which published an advisory on this and other problems, available at \nhttp://www.securityfocus.com/frames/?content=/templates/advisory.html?id=3208.","author":"This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.","public":["http://www.securityfocus.com/bid/2599","http://www.securityfocus.com/advisories/3208","http://xforce.iss.net/static/6350.php","http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?OpenDocument"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-04-14T00:04:07Z","publicdate":"2001-04-11T00:00:00Z","datefirstpublished":"2001-07-12T20:18:59Z","dateupdated":"2001-07-17T19:13:11Z","revision":22,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"7","cam_impact":"8","cam_easeofexploitation":"15","cam_attackeraccessrequired":"15","cam_scorecurrent":"4.2525","cam_scorecurrentwidelyknown":"5.43375","cam_scorecurrentwidelyknownexploited":"10.15875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.2525,"vulnote":null}