{"vuid":"VU#642760","idnumber":"642760","name":"Lotus Domino vulnerable to DoS via large crafted URL request","keywords":["Lotus","Domino"],"overview":"The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service.","clean_desc":"HTTP requests to TCP port 80 consisting of multiple /'s, approximately 8k worth, will result in the consumption of the CPU (99-100%). Typically, 8k of the character \"a\" results in only 1% of CPU consumption.","impact":"CPU usage is pushed to maximum consumption, with a possible denial of service resulting.","resolution":"Upgrade to Notes/Domino 5.0.7 or later. See http://www.notes.net/qmrdown.nsf/QMRWelcome.","workarounds":"Install an application layer filter to detect and block malicious requests.","sysaffected":"","thanks":"Our thanks to Defcom Labs, which published an advisory on this and other problems, available at http://www.securityfocus.com/frames/?content=/templates/advisory.html?id=3208.","author":"This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.","public":["http://www.securityfocus.com/bid/2598","http://xforce.iss.net/static/6351.php","http://www.securityfocus.com/advisories/3208","http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?OpenView&Start=3.111&Count=30&Expand=3.126#3.126"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-04-14T00:04:31Z","publicdate":"2001-04-11T00:00:00Z","datefirstpublished":"2001-07-12T20:30:28Z","dateupdated":"2001-07-17T19:17:22Z","revision":22,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"7","cam_impact":"8","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"10.5","cam_scorecurrentwidelyknown":"10.5","cam_scorecurrentwidelyknownexploited":"18.9","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":10.5,"vulnote":null}