{"vuid":"VU#676552","idnumber":"676552","name":"Lotus Domino vulnerable to DoS via crafted unicode GET request","keywords":["Lotus","Domino","unicode","GET","qnc.exe"],"overview":"The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service situation.","clean_desc":"Sending a crafted GET request containing numerous unicode characters can trigger a server exception that will crash the Domino server. If qnc.exe is removed from the system, the crash will only affect the web server.","impact":"A server exception will crash the Domino server resulting in a denial of service.","resolution":"Upgrade to Notes/Domino 5.0.7 or later. See http://www.notes.net/qmrdown.nsf/QMRWelcome.","workarounds":"Install an application layer filter to detect and block malicious requests.","sysaffected":"","thanks":"Our thanks to \nDefcom Labs\n, who published an advisory on this and other problems, available at \nhttp://www.securityfocus.com/frames/?content=/templates/advisory.html?id=3208.","author":"This document was written by Jason Rafail and is based on information obtained from a Defcom Labs Advisory.","public":["http://www.securityfocus.com/bid/2571","http://xforce.iss.net/static/6349.php","http://www.securityfocus.com/advisories/3208"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-04-14T00:02:24Z","publicdate":"2001-04-11T00:00:00Z","datefirstpublished":"2001-07-23T15:48:04Z","dateupdated":"2001-07-26T13:09:38Z","revision":14,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"7","cam_impact":"8","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"10.5","cam_scorecurrentwidelyknown":"10.5","cam_scorecurrentwidelyknownexploited":"18.9","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":10.5,"vulnote":null}