Vulnerabilities > CVE-2017-1129 - Unspecified vulnerability in IBM Expeditor and Inotes

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

ibm

exploit available

metasploit

NVD

Published: 2017-09-05

Updated: 2019-10-03

Summary

IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Inotes 8.5.0.0 IBM Inotes 8.5.1.0 IBM Inotes 8.5.1.1 IBM Inotes 8.5.1.5 IBM Inotes 8.5.2.0 IBM Inotes 8.5.2.1 IBM Inotes 8.5.2.4 IBM Inotes 8.5.3.0 IBM Inotes 8.5.3.1 IBM Inotes 8.5.3.6 IBM Inotes 9.0.0.0 IBM Inotes 9.0.1.0 IBM Inotes 9.0.1.1 IBM Inotes 9.0.1.8 IBM Expeditor 6.2.1 IBM Expeditor 6.2.2 IBM Expeditor 6.2.3	17

Exploit-Db

description	IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit). CVE-2017-1129. Dos exploit for Multiple platform
id	EDB-ID:42969
last seen	2017-10-10
modified	2017-08-31
published	2017-08-31
reporter	Exploit-DB
source	https://www.exploit-db.com/download/42969/
title	IBM Notes 8.5.x/9.0.x - Denial of Service (Metasploit)

description	IBM Notes 8.5.x/9.0.x - Denial of Service. CVE-2017-1129. Dos exploit for Multiple platform
file	exploits/multiple/dos/42602.html
id	EDB-ID:42602
last seen	2017-09-03
modified	2017-09-02
platform	multiple
port
published	2017-09-02
reporter	Exploit-DB
source	https://www.exploit-db.com/download/42602/
title	IBM Notes 8.5.x/9.0.x - Denial of Service
type	dos

Metasploit

description	This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If successful, it could cause the Notes client to hang and have to be restarted.
id	MSF:AUXILIARY/DOS/HTTP/IBM_LOTUS_NOTES
last seen	2020-05-20
modified	2020-05-12
published	2017-09-23
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1129 http://www-01.ibm.com/support/docview.wss?uid=swg21999385
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/ibm_lotus_notes.rb
title	IBM Notes encodeURI DOS

Packetstorm

data source	https://packetstormsecurity.com/files/download/143981/ibmnotes89-dos.txt
id	PACKETSTORM:143981
last seen	2017-09-05
published	2017-09-02
reporter	Dhiraj Mishra
source	https://packetstormsecurity.com/files/143981/IBM-Notes-8.5.x-9.0.x-Denial-Of-Service.html
title	IBM Notes 8.5.x / 9.0.x Denial Of Service

data source	https://packetstormsecurity.com/files/download/144547/ibmnotesencodeuri-dos.rb.txt
id	PACKETSTORM:144547
last seen	2017-10-11
published	2017-10-10
reporter	Mishra Dhiraj
source	https://packetstormsecurity.com/files/144547/IBM-Notes-8.5-9.0-encodeURI-Denial-Of-Service.html
title	IBM Notes 8.5 / 9.0 encodeURI Denial Of Service

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

Packetstorm

References