Sign-up

ID

VAR-200106-0092


CVE

CVE-2001-0375


TITLE

Lotus Domino vulnerable to DoS via crafted HTTP header requests

Trust: 0.8

sources: CERT/CC: VU#601312

DESCRIPTION

Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Submitting numerous HTTP requests with modified headers, could cause Lotus Domino to consume all available system resources

Trust: 2.7

sources: NVD: CVE-2001-0375 // CERT/CC: VU#601312 // CERT/CC: VU#310816 // BID: 2565 // VULHUB: VHN-3194

AFFECTED PRODUCTS

vendor:ciscomodel:pix firewall 520scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:pix firewall 515scope:eqversion:*

Trust: 1.0

vendor:lotusmodel: - scope: - version: -

Trust: 0.8

vendor:ritmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel:pix firewall 520scope: - version: -

Trust: 0.6

vendor:ciscomodel:pix firewall 515scope: - version: -

Trust: 0.6

vendor:lotusmodel:dominoscope:eqversion:5.0.6

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.5

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.4

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.3

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.2

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.1

Trust: 0.3

vendor:lotusmodel:dominoscope:neversion:5.0.7

Trust: 0.3

sources: CERT/CC: VU#601312 // CERT/CC: VU#310816 // BID: 2565 // CNNVD: CNNVD-200106-095 // NVD: CVE-2001-0375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0375
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#601312
value: 9.98

Trust: 0.8

CARNEGIE MELLON: VU#310816
value: 1.62

Trust: 0.8

CNNVD: CNNVD-200106-095
value: MEDIUM

Trust: 0.6

VULHUB: VHN-3194
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2001-0375
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3194
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#601312 // CERT/CC: VU#310816 // VULHUB: VHN-3194 // CNNVD: CNNVD-200106-095 // NVD: CVE-2001-0375

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200106-095

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200106-095

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-3194

EXTERNAL IDS
db:NVDid:CVE-2001-0375
Trust: 1.7
db:BIDid:2551
Trust: 1.7
db:BIDid:2565
Trust: 1.1
db:XFid:6347
Trust: 0.8
db:CERT/CCid:VU#601312
Trust: 0.8
db:XFid:6423
Trust: 0.8
db:BIDid:2636
Trust: 0.8
db:CERT/CCid:VU#310816
Trust: 0.8
db:CNNVDid:CNNVD-200106-095
Trust: 0.7
db:BUGTRAQid:20010406 PIX FIREWALL 5.1 DOS VULNERABILITY
Trust: 0.6
db:XFid:6353
Trust: 0.6
db:CISCOid:20011003 CISCO PIX FIREWALL AUTHENTICATION DENIAL OF SERVICE VULNERABILITY
Trust: 0.6
db:SEEBUGid:SSVID-74596
Trust: 0.1
db:EXPLOIT-DBid:20734
Trust: 0.1
db:VULHUBid:VHN-3194
Trust: 0.1
sources:
            
            
            CERT/CC: VU#601312 // 
            
            
            
            CERT/CC: VU#310816 // 
            
            
            
            VULHUB: VHN-3194 // 
            
            
            
            BID: 2565 // 
            
            
            
            CNNVD: CNNVD-200106-095 // 
            
            
            
            NVD: CVE-2001-0375

REFERENCES
url:http://www.securityfocus.com/bid/2551
Trust: 1.7
url:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml
Trust: 1.7
url:http://marc.info/?l=bugtraq&m=98658271707833&w=2
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6353
Trust: 1.1
url:http://www.securityfocus.com/bid/2565
Trust: 0.8
url:http://xforce.iss.net/static/6347.php
Trust: 0.8
url:http://www.securityfocus.com/advisories/3208
Trust: 0.8
url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126
Trust: 0.8
url:http://www.securityfocus.com/bid/2636
Trust: 0.8
url:http://www.ritlabs.com/the_bat/index.html
Trust: 0.8
url:http://www.security.nnov.ru/search/news.asp?binid=1136
Trust: 0.8
url:http://xforce.iss.net/static/6423.php
Trust: 0.8
url:http://marc.theaimsgroup.com/?l=bugtraq&m=98658271707833&w=2
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/6353
Trust: 0.6
url:http://www.lotus.com/home.nsf/welcome/domino
Trust: 0.3
sources:
            
            
            CERT/CC: VU#601312 // 
            
            
            
            CERT/CC: VU#310816 // 
            
            
            
            VULHUB: VHN-3194 // 
            
            
            
            BID: 2565 // 
            
            
            
            CNNVD: CNNVD-200106-095 // 
            
            
            
            NVD: CVE-2001-0375

CREDITS
Discovered and posted to Bugtraq by Peter Gründl <peter.grundl@defcom.com> on April 11, 2001.
Trust: 0.3
sources:
            
            
            BID: 2565

SOURCES
db:CERT/CCid:VU#601312
db:CERT/CCid:VU#310816
db:VULHUBid:VHN-3194
db:BIDid:2565
db:CNNVDid:CNNVD-200106-095
db:NVDid:CVE-2001-0375

LAST UPDATE DATE
2024-10-16T20:45:53.657000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#601312date:2001-07-17T00:00:00
db:CERT/CCid:VU#310816date:2001-08-30T00:00:00
db:VULHUBid:VHN-3194date:2017-10-10T00:00:00
db:BIDid:2565date:2001-04-11T00:00:00
db:CNNVDid:CNNVD-200106-095date:2005-05-13T00:00:00
db:NVDid:CVE-2001-0375date:2017-10-10T01:29:42.297

SOURCES RELEASE DATE
db:CERT/CCid:VU#601312date:2001-07-12T00:00:00
db:CERT/CCid:VU#310816date:2001-06-01T00:00:00
db:VULHUBid:VHN-3194date:2001-06-18T00:00:00
db:BIDid:2565date:2001-04-11T00:00:00
db:CNNVDid:CNNVD-200106-095date:2001-06-18T00:00:00
db:NVDid:CVE-2001-0375date:2001-06-18T04:00:00