icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Lotus Domino < 8.0.1 / 7.0.3 FP1 Multiple Vulnerabilities

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

According to its banner, the version of Lotus Domino on the remote host is older than 8.0.1 / 7.0.3 FP1. The web server component of such versions is reportedly affected by a stack overflow that can be triggered by means of a specially-crafted 'Accept-Language' request header. While IBM only says this results in a denial of service, the original researchers claim to have a working proof-of-concept for Windows that allows arbitrary code execution with LOCAL SYSTEM privileges. In addition, the web server reportedly has an unspecified cross-site scripting vulnerability in its servlet engine / Web container.

Solution

Upgrade to version 7.0.3 FixPack1 or 8.0.1