IBM Domino 9.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (uncredentialed check)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by multiple
vulnerabilities.

Description :

According to its version, the IBM Domino (formerly IBM Lotus Domino)
application on the remote host is 9.x prior to 9.0.1 Fix Pack 2 (FP2).
It is, therefore, affected by the following vulnerabilities :

- An unspecified error exists related to the TLS
  implementation and the IBM HTTP server that could allow
  certain error cases to cause 100% CPU utilization. Note
  that this issue only affects Microsoft Windows hosts.
  (CVE-2014-0963)

- Fixes in the Oracle Java CPU for April 2014 are included
  in the fixed IBM Java release, which is included in the
  fixed IBM Domino release.
  (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429,
  CVE-2014-0446, CVE-2014-0448, CVE-2014-0449,
  CVE-2014-0451, CVE-2014-0452, CVE-2014-0453,
  CVE-2014-0454, CVE-2014-0455, CVE-2014-0457,
  CVE-2014-0458, CVE-2014-0459, CVE-2014-0460,
  CVE-2014-0461, CVE-2014-1876, CVE-2014-2398,
  CVE-2014-2401, CVE-2014-2402, CVE-2014-2409,
  CVE-2014-2412, CVE-2014-2414, CVE-2014-2420,
  CVE-2014-2421, CVE-2014-2423, CVE-2014-2427,
  CVE-2014-2428)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21681114
http://www-01.ibm.com/support/docview.wss?uid=swg24037141

Solution :

Upgrade to IBM Domino 9.0.1 FP2 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.0
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true