Sign-up

ID

VAR-200106-0168


CVE

CVE-2001-0412


TITLE

Lotus Domino vulnerable to DoS via crafted HTTP header requests

Trust: 0.8

sources: CERT/CC: VU#601312

DESCRIPTION

Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Submitting numerous HTTP requests with modified headers, could cause Lotus Domino to consume all available system resources

Trust: 2.7

sources: NVD: CVE-2001-0412 // CERT/CC: VU#601312 // CERT/CC: VU#310816 // BID: 2565 // VULHUB: VHN-3231

AFFECTED PRODUCTS

vendor:ciscomodel:content services switch 11150scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:content services switch 11800scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:content services switch 11050scope:eqversion:*

Trust: 1.0

vendor:lotusmodel: - scope: - version: -

Trust: 0.8

vendor:ritmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel:content services switch 11150scope: - version: -

Trust: 0.6

vendor:ciscomodel:content services switch 11050scope: - version: -

Trust: 0.6

vendor:ciscomodel:content services switch 11800scope: - version: -

Trust: 0.6

vendor:lotusmodel:dominoscope:eqversion:5.0.6

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.5

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.4

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.3

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.2

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.1

Trust: 0.3

vendor:lotusmodel:dominoscope:neversion:5.0.7

Trust: 0.3

sources: CERT/CC: VU#601312 // CERT/CC: VU#310816 // BID: 2565 // CNNVD: CNNVD-200106-094 // NVD: CVE-2001-0412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0412
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#601312
value: 9.98

Trust: 0.8

CARNEGIE MELLON: VU#310816
value: 1.62

Trust: 0.8

CNNVD: CNNVD-200106-094
value: HIGH

Trust: 0.6

VULHUB: VHN-3231
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2001-0412
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3231
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#601312 // CERT/CC: VU#310816 // VULHUB: VHN-3231 // CNNVD: CNNVD-200106-094 // NVD: CVE-2001-0412

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0412

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200106-094

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200106-094

EXTERNAL IDS

db:OSVDBid:1784

Trust: 1.7

db:BIDid:2559

Trust: 1.7

db:NVDid:CVE-2001-0412

Trust: 1.7

db:BIDid:2565

Trust: 1.1

db:XFid:6347

Trust: 0.8

db:CERT/CCid:VU#601312

Trust: 0.8

db:XFid:6423

Trust: 0.8

db:BIDid:2636

Trust: 0.8

db:CERT/CCid:VU#310816

Trust: 0.8

db:CNNVDid:CNNVD-200106-094

Trust: 0.7

db:XFid:6322

Trust: 0.6

db:CISCOid:20010404 CISCO CONTENT SERVICES SWITCH USER ACCOUNT VULNERABILITY

Trust: 0.6

db:VULHUBid:VHN-3231

Trust: 0.1

sources: CERT/CC: VU#601312 // CERT/CC: VU#310816 // VULHUB: VHN-3231 // BID: 2565 // CNNVD: CNNVD-200106-094 // NVD: CVE-2001-0412

REFERENCES

url:http://www.securityfocus.com/bid/2559

Trust: 1.7

url:http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml

Trust: 1.7

url:http://www.osvdb.org/1784

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6322

Trust: 1.1

url:http://www.securityfocus.com/bid/2565

Trust: 0.8

url:http://xforce.iss.net/static/6347.php

Trust: 0.8

url:http://www.securityfocus.com/advisories/3208

Trust: 0.8

url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126

Trust: 0.8

url:http://www.securityfocus.com/bid/2636

Trust: 0.8

url:http://www.ritlabs.com/the_bat/index.html

Trust: 0.8

url:http://www.security.nnov.ru/search/news.asp?binid=1136

Trust: 0.8

url:http://xforce.iss.net/static/6423.php

Trust: 0.8

url:http://xforce.iss.net/static/6322.php

Trust: 0.6

url:http://www.lotus.com/home.nsf/welcome/domino

Trust: 0.3

sources: CERT/CC: VU#601312 // CERT/CC: VU#310816 // VULHUB: VHN-3231 // BID: 2565 // CNNVD: CNNVD-200106-094 // NVD: CVE-2001-0412

CREDITS

This vulnerability was announced to Bugtraq in a Cisco Security Advisory dated April 4, 2001.

Trust: 0.6

sources: CNNVD: CNNVD-200106-094

SOURCES

db:CERT/CCid:VU#601312
db:CERT/CCid:VU#310816
db:VULHUBid:VHN-3231
db:BIDid:2565
db:CNNVDid:CNNVD-200106-094
db:NVDid:CVE-2001-0412

LAST UPDATE DATE

2024-10-16T21:44:50.028000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#601312date:2001-07-17T00:00:00
db:CERT/CCid:VU#310816date:2001-08-30T00:00:00
db:VULHUBid:VHN-3231date:2017-10-10T00:00:00
db:BIDid:2565date:2001-04-11T00:00:00
db:CNNVDid:CNNVD-200106-094date:2005-05-02T00:00:00
db:NVDid:CVE-2001-0412date:2017-10-10T01:29:43.110

SOURCES RELEASE DATE

db:CERT/CCid:VU#601312date:2001-07-12T00:00:00
db:CERT/CCid:VU#310816date:2001-06-01T00:00:00
db:VULHUBid:VHN-3231date:2001-06-18T00:00:00
db:BIDid:2565date:2001-04-11T00:00:00
db:CNNVDid:CNNVD-200106-094date:2001-06-18T00:00:00
db:NVDid:CVE-2001-0412date:2001-06-18T04:00:00