Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Lotus Domino < 8.0.1 / 7.0.3 FP1 Multiple Vulnerabilities

Critical

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

According to its banner, the version of Lotus Domino on the remote host is older than 8.0.1 / 7.0.3 FP1. The web server component of such versions is reportedly affected by a stack overflow that can be triggered by means of a specially-crafted 'Accept-Language' request header. While IBM only says this results in a denial of service, the original researchers claim to have a working proof-of-concept for Windows that allows arbitrary code execution with LOCAL SYSTEM privileges. In addition, the web server reportedly has an unspecified cross-site scripting vulnerability in its servlet engine / Web container.

Solution

Upgrade to version 7.0.3 FixPack1 or 8.0.1