CVE-2003-0181 - Denial of Service vulnerability in IBM Lotus Domino Web Server 6.0
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Web Servers |
NASL id | WWW_TOO_LONG_HEADER11.NASL |
description | It was possible to kill the web server by sending an invalid request with a too long HTTP 1.1 header (Accept-Encoding, Accept-Language, Accept-Range, Connection, Expect, If-Match, If-None-Match, If-Range, If-Unmodified-Since, Max-Forwards, TE, Host). This vulnerability could be exploited to crash the web server. It might even be possible to execute arbitrary code on your system. As this is a generic test, it is not possible to know if the impact is limited to a denial of service. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11129 |
published | 2002-09-21 |
reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11129 |
title | Web Server HTTP 1.1 Header Remote Overflow |
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html
- http://www.cert.org/advisories/CA-2003-11.html
- http://www.nextgenss.com/advisories/lotus-60dos.txt
- http://www.securityfocus.com/bid/6951
- http://www-1.ibm.com/support/docview.wss?uid=swg21104528
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11361