{"vuid":"VU#772563","idnumber":"772563","name":"Lotus Domino web server vulnerable to buffer overflow via long HTTP authentication header containing non-ASCII characters","keywords":["Lotus Domino","buffer overflow","long HTTP authentication header","non-ASCII characters","DOMLOG.NSF"],"overview":"A remotely exploitable buffer overflow exists in versions of IBM's Lotus Domino web server prior to R5.0.10.","clean_desc":"A remotely exploitable buffer overflow exists in the Lotus Domino web server. The overflow can occur as the result of an overly long HTTP Authenticate header containing certain non-ASCII characters. For more information, please see the IBM Technote.","impact":"An intruder can execute arbitrary code with the privileges of the Lotus Domino web server.","resolution":"Upgrade to R5.0.10 or later.","workarounds":"Workaround\nLog to text files instead of domlog.nsf.","sysaffected":"","thanks":"This vulnerability was discovered by \nThe Relay Group","author":"This document was written by Ian A. Finlay.","public":["http://www-1.ibm.com/support/docview.wss?rs=0&org=sims&doc=96F6A9D96DFD8BB585256B8A005A8C57","http://securitytracker.com/alerts/2002/Apr/1004052.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-04-23T13:45:19Z","publicdate":"2002-04-23T00:00:00Z","datefirstpublished":"2003-01-13T15:25:54Z","dateupdated":"2003-01-13T15:28:08Z","revision":6,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"17","cam_population":"10","cam_impact":"20","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"36","cam_scorecurrentwidelyknown":"41.625","cam_scorecurrentwidelyknownexploited":"64.125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":36.0,"vulnote":null}