Sign-up

ID

VAR-200106-0199


CVE

CVE-2001-0383


TITLE

Lotus Domino vulnerable to a denial of service via DOS device request

Trust: 0.8

sources: CERT/CC: VU#890128

DESCRIPTION

banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. If numerous requests are made for MS DOS device names, ncgihttp.exe inappropriately handles them, resulting in the exhaustion of system resources. PHP-Nuke 4.4 and previous versions of banners.php have vulnerabilities

Trust: 2.7

sources: NVD: CVE-2001-0383 // CERT/CC: VU#890128 // CERT/CC: VU#642760 // BID: 2575 // VULHUB: VHN-3202

AFFECTED PRODUCTS

vendor:lotusmodel: - scope: - version: -

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:lteversion:4.4

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:4.4

Trust: 0.6

vendor:lotusmodel:dominoscope:eqversion:5.0.6

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.5

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.4

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.3

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.2

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.1

Trust: 0.3

vendor:lotusmodel:dominoscope:neversion:5.0.7

Trust: 0.3

sources: CERT/CC: VU#890128 // CERT/CC: VU#642760 // BID: 2575 // CNNVD: CNNVD-200106-087 // NVD: CVE-2001-0383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0383
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#890128
value: 5.07

Trust: 0.8

CARNEGIE MELLON: VU#642760
value: 10.50

Trust: 0.8

CNNVD: CNNVD-200106-087
value: MEDIUM

Trust: 0.6

VULHUB: VHN-3202
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2001-0383
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3202
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#890128 // CERT/CC: VU#642760 // VULHUB: VHN-3202 // CNNVD: CNNVD-200106-087 // NVD: CVE-2001-0383

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0383

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200106-087

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200106-087

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-3202

EXTERNAL IDS
db:NVDid:CVE-2001-0383
Trust: 1.7
db:BIDid:2544
Trust: 1.7
db:BIDid:2575
Trust: 1.1
db:XFid:6348
Trust: 0.8
db:CERT/CCid:VU#890128
Trust: 0.8
db:BIDid:2598
Trust: 0.8
db:XFid:6351
Trust: 0.8
db:CERT/CCid:VU#642760
Trust: 0.8
db:CNNVDid:CNNVD-200106-087
Trust: 0.7
db:BUGTRAQid:20010401 PHP-NUKE EXPLOIT...
Trust: 0.6
db:XFid:6342
Trust: 0.6
db:EXPLOIT-DBid:20729
Trust: 0.1
db:SEEBUGid:SSVID-74591
Trust: 0.1
db:VULHUBid:VHN-3202
Trust: 0.1
sources:
            
            
            CERT/CC: VU#890128 // 
            
            
            
            CERT/CC: VU#642760 // 
            
            
            
            VULHUB: VHN-3202 // 
            
            
            
            BID: 2575 // 
            
            
            
            CNNVD: CNNVD-200106-087 // 
            
            
            
            NVD: CVE-2001-0383

REFERENCES
url:http://www.securityfocus.com/bid/2544
Trust: 1.7
url:http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html
Trust: 1.7
url:http://phpnuke.org/download.php?dcategory=fixes
Trust: 1.7
url:http://www.securityfocus.com/advisories/3208
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6342
Trust: 1.1
url:http://www.securityfocus.com/bid/2575
Trust: 0.8
url:http://xforce.iss.net/static/6348.php
Trust: 0.8
url:http://www.securityfocus.com/bid/2598
Trust: 0.8
url:http://xforce.iss.net/static/6351.php
Trust: 0.8
url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126
Trust: 0.8
url:http://xforce.iss.net/static/6342.php
Trust: 0.6
url:http://www.lotus.com/home.nsf/welcome/domino
Trust: 0.3
sources:
            
            
            CERT/CC: VU#890128 // 
            
            
            
            CERT/CC: VU#642760 // 
            
            
            
            VULHUB: VHN-3202 // 
            
            
            
            BID: 2575 // 
            
            
            
            CNNVD: CNNVD-200106-087 // 
            
            
            
            NVD: CVE-2001-0383

CREDITS
Reported to bugtraq by Juan Diego <diego@linuxcolombia.com.co> on Mon, 2 Apr 2001
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200106-087

SOURCES
db:CERT/CCid:VU#890128
db:CERT/CCid:VU#642760
db:VULHUBid:VHN-3202
db:BIDid:2575
db:CNNVDid:CNNVD-200106-087
db:NVDid:CVE-2001-0383

LAST UPDATE DATE
2025-01-14T19:48:19.677000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#890128date:2001-07-12T00:00:00
db:CERT/CCid:VU#642760date:2001-07-17T00:00:00
db:VULHUBid:VHN-3202date:2017-10-10T00:00:00
db:BIDid:2575date:2001-04-11T00:00:00
db:CNNVDid:CNNVD-200106-087date:2005-05-02T00:00:00
db:NVDid:CVE-2001-0383date:2017-10-10T01:29:42.517

SOURCES RELEASE DATE
db:CERT/CCid:VU#890128date:2001-07-12T00:00:00
db:CERT/CCid:VU#642760date:2001-07-12T00:00:00
db:VULHUBid:VHN-3202date:2001-06-18T00:00:00
db:BIDid:2575date:2001-04-11T00:00:00
db:CNNVDid:CNNVD-200106-087date:2001-06-18T00:00:00
db:NVDid:CVE-2001-0383date:2001-06-18T04:00:00