IBM Notes 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities

Critical Nessus Plugin ID 77812

Synopsis

The remote host has software installed that is affected by multiple vulnerabilities.

Description

The remote host has a version of IBM Notes (formerly Lotus Notes) 9.0.x prior to 9.0.1 Fix Pack 2 (FP2) installed. It is, therefore, affected by the following vulnerabilities :

 - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts.
 (CVE-2014-0963)

 - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release.
 (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)

Solution

Upgrade to IBM Notes 9.0.1 FP2 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21681114

http://www-01.ibm.com/support/docview.wss?uid=swg24037141

http://www.nessus.org/u?eb873351

Plugin Details

Severity: Critical

ID: 77812

File Name: ibm_notes_9_0_1_fp2.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 2014/09/23

Updated: 2018/07/12

Dependencies: 61486

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:notes

Required KB Items: installed_sw/IBM Notes

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/08/19

Vulnerability Publication Date: 2014/04/15

Reference Information

CVE: CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0963, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428

BID: 63676, 64493, 65568, 66856, 66866, 66870, 66873, 66879, 66881, 66883, 66887, 66891, 66894, 66898, 66899, 66902, 66903, 66904, 66905, 66907, 66909, 66910, 66911, 66914, 66915, 66916, 66919, 66920, 67238