Detections
Analytics
IBM Lotus Domino Server time/date Fields Remote Overflow
high Nessus Plugin ID 19238
Language:
Synopsis
The remote web server is susceptible to a buffer overflow vulnerability attack.Description
According to its banner, the remote host is running a version of Lotus Domino Server that is prone to a buffer overflow attack triggered by submitting a POST request with large amounts of data for certain date / time fields. A remote attacker can reportedly exploit this issue to crash the web server or possible execute arbitrary code on the affected host.Solution
Upgrade to Lotus Domino Server version 6.0.5 / 6.5.4 Maintenance Release or later.See Also
http://www.ngssoftware.com/advisories/lotus-01.txt
https://seclists.org/bugtraq/2005/Apr/159
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21202431
Plugin Details
Severity: High
ID: 19238
File Name: domino_http_post_date_overflow.nasl
Version: 1.19
Type: remote
Family: CGI abuses
Published: 7/20/2005
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:ibm:lotus_domino
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 4/5/2005
Reference Information
CVE: CVE-2005-1101
BID: 13130