
Lotus Domino < 8.0.1 / 7.0.3 FP1 Multiple Vulnerabilities



The remote web server is affected by multiple vulnerabilities.


According to its banner, the version of Lotus Domino on the remote host is older than 8.0.1 / 7.0.3 FP1. The web server component of such versions is reportedly affected by a stack overflow that can be triggered by means of a specially crafted 'Accept-Language' request header. While IBM only says this results in a denial of service, the original researchers claim to have a working proof-of-concept for Windows that allows arbitrary code execution with LOCAL SYSTEM privileges. In addition, the web server reportedly has an unspecified cross-site scripting vulnerability in its servlet engine / Web container.


Upgrade to version 7.0.3 FixPack1 or 8.0.1.
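
The banner-based version comparison described above can be reproduced for an asset inventory with the following added example, which is not the plugin's own code. It assumes release strings shaped like `Release 7.0.3FP1` or `Lotus-Domino/7.0.2`, treats 8.x hosts against 8.0.1 and everything earlier against 7.0.3 FP1, and uses constructed sample banners; the function and constant names are hypothetical.

```python
import re

# Fixed releases named in the advisory, as (major, minor, patch, fix pack).
FIXED_7X = (7, 0, 3, 1)  # 7.0.3 FixPack1
FIXED_8X = (8, 0, 1, 0)  # 8.0.1

# Assumed banner shapes: "Release 7.0.3FP1", "Release 8.0", "Lotus-Domino/7.0.2 FP1".
_RELEASE = re.compile(
    r"(?:Release\s+|Domino/)(\d+)\.(\d+)(?:\.(\d+))?"
    r"\s*(?:FP\s*(\d+)|Fix\s*Pack\s*(\d+))?",
    re.IGNORECASE,
)

def parse_release(banner):
    """Return (major, minor, patch, fixpack), or None if no version is exposed."""
    m = _RELEASE.search(banner)
    if m is None:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    fixpack = int(m.group(4) or m.group(5) or 0)
    return (major, minor, patch, fixpack)

def is_affected(banner):
    """True/False when the banner carries a version; None when it cannot be judged."""
    version = parse_release(banner)
    if version is None:
        return None  # banner suppressed or unrecognised: verify the host another way
    fixed = FIXED_8X if version[:3] >= (8, 0, 0) else FIXED_7X
    return version < fixed

# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "220 mail.example.test ESMTP Service (Lotus Domino Release 7.0.3) ready",
    "220 mail.example.test ESMTP Service (Lotus Domino Release 7.0.3FP1) ready",
    "Server: Lotus-Domino/8.0",
    "Server: Lotus-Domino/8.0.1",
    "Server: Lotus-Domino",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{is_affected(banner)!s:5}  {banner}")
```

A `None` result means the banner exposed no release number, so the host still needs its installed version confirmed directly.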