Lotus Domino < 8.0.1 / 7.0.3 FP1 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 4517

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

According to its banner, the version of Lotus Domino on the remote host is older than 8.0.1 / 7.0.3 FP1. The web server component of such versions is reportedly affected by a stack overflow that can be triggered by means of a specially-crafted 'Accept-Language' request header. While IBM only says this results in a denial of service, the original researchers claim to have a working proof-of-concept for Windows that allows arbitrary code execution with LOCAL SYSTEM privileges. In addition, the web server reportedly has an unspecified cross-site scripting vulnerability in its servlet engine / Web container.

Solution

Upgrade to version 7.0.3 FixPack1 or 8.0.1

See Also

http://www-1.ibm.com/support/docview.wss?uid=swg21303296

http://www.nessus.org/u?a3b5cab6

http://www-1.ibm.com/support/docview.wss?uid=swg21303057

Plugin Details

Severity: Critical

ID: 4517

Family: SMTP Servers

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 32433

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:lotus_domino

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (IBM Lotus Domino Web Server Accept-Language Stack Buffer Overflow)

Reference Information

CVE: CVE-2008-2240, CVE-2008-2410

BID: 29310, 29311