Details of VAR-200106-0092

ID

VAR-200106-0092

CVE

CVE-2001-0375

TITLE

Lotus Domino vulnerable to a denial of service via DOS device request

Trust: 0.8

sources: CERT/CC: VU#890128

DESCRIPTION

Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. If numerous requests are made for MS DOS device names, ncgihttp.exe inappropriately handles them, resulting in the exhaustion of system resources

Trust: 2.7

sources: NVD: CVE-2001-0375 // CERT/CC: VU#890128 // CERT/CC: VU#642760 // BID: 2575 // VULHUB: VHN-3194

AFFECTED PRODUCTS

vendor:	lotus	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	cisco	model:	pix firewall 520	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	pix firewall 515	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	pix firewall 520	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	pix firewall 515	scope:	-	version:	-	Trust: 0.6
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	lotus	model:	domino	scope:	ne	version:	5.0.7	Trust: 0.3

sources: CERT/CC: VU#890128 // CERT/CC: VU#642760 // BID: 2575 // CNNVD: CNNVD-200106-095 // NVD: CVE-2001-0375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0375
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#890128
value:	5.07
Trust: 0.8
CARNEGIE MELLON:	VU#642760
value:	10.50
Trust: 0.8
CNNVD:	CNNVD-200106-095
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-3194
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-0375
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3194
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#890128 // CERT/CC: VU#642760 // VULHUB: VHN-3194 // CNNVD: CNNVD-200106-095 // NVD: CVE-2001-0375

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200106-095

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200106-095

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-3194

EXTERNAL IDS

db:	NVD	id:	CVE-2001-0375	Trust: 1.7
db:	BID	id:	2551	Trust: 1.7
db:	BID	id:	2575	Trust: 1.1
db:	XF	id:	6348	Trust: 0.8
db:	CERT/CC	id:	VU#890128	Trust: 0.8
db:	BID	id:	2598	Trust: 0.8
db:	XF	id:	6351	Trust: 0.8
db:	CERT/CC	id:	VU#642760	Trust: 0.8
db:	CNNVD	id:	CNNVD-200106-095	Trust: 0.7
db:	BUGTRAQ	id:	20010406 PIX FIREWALL 5.1 DOS VULNERABILITY	Trust: 0.6
db:	XF	id:	6353	Trust: 0.6
db:	CISCO	id:	20011003 CISCO PIX FIREWALL AUTHENTICATION DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	SEEBUG	id:	SSVID-74596	Trust: 0.1
db:	EXPLOIT-DB	id:	20734	Trust: 0.1
db:	VULHUB	id:	VHN-3194	Trust: 0.1

sources: CERT/CC: VU#890128 // CERT/CC: VU#642760 // VULHUB: VHN-3194 // BID: 2575 // CNNVD: CNNVD-200106-095 // NVD: CVE-2001-0375

REFERENCES

url:	http://www.securityfocus.com/bid/2551	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml	Trust: 1.7
url:	http://www.securityfocus.com/advisories/3208	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=98658271707833&w=2	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6353	Trust: 1.1
url:	http://www.securityfocus.com/bid/2575	Trust: 0.8
url:	http://xforce.iss.net/static/6348.php	Trust: 0.8
url:	http://www.securityfocus.com/bid/2598	Trust: 0.8
url:	http://xforce.iss.net/static/6351.php	Trust: 0.8
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126	Trust: 0.8
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=98658271707833&w=2	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/6353	Trust: 0.6
url:	http://www.lotus.com/home.nsf/welcome/domino	Trust: 0.3

sources: CERT/CC: VU#890128 // CERT/CC: VU#642760 // VULHUB: VHN-3194 // BID: 2575 // CNNVD: CNNVD-200106-095 // NVD: CVE-2001-0375

CREDITS

Discovered and posted to Bugtraq by Peter Gründl <peter.grundl@defcom.com> on April 11, 2001.

Trust: 0.3

sources: BID: 2575

SOURCES

db:	CERT/CC	id:	VU#890128
db:	CERT/CC	id:	VU#642760
db:	VULHUB	id:	VHN-3194
db:	BID	id:	2575
db:	CNNVD	id:	CNNVD-200106-095
db:	NVD	id:	CVE-2001-0375

LAST UPDATE DATE

2025-01-14T22:18:37.983000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#890128	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#642760	date:	2001-07-17T00:00:00
db:	VULHUB	id:	VHN-3194	date:	2017-10-10T00:00:00
db:	BID	id:	2575	date:	2001-04-11T00:00:00
db:	CNNVD	id:	CNNVD-200106-095	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2001-0375	date:	2017-10-10T01:29:42.297

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#890128	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#642760	date:	2001-07-12T00:00:00
db:	VULHUB	id:	VHN-3194	date:	2001-06-18T00:00:00
db:	BID	id:	2575	date:	2001-04-11T00:00:00
db:	CNNVD	id:	CNNVD-200106-095	date:	2001-06-18T00:00:00
db:	NVD	id:	CVE-2001-0375	date:	2001-06-18T04:00:00