ID

VAR-200106-0199


CVE

CVE-2001-0383


TITLE

Lotus Domino vulnerable to DoS via crafted HTTP header requests

Trust: 0.8

sources: CERT/CC: VU#601312

DESCRIPTION

banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Submitting numerous HTTP requests with modified headers could cause Lotus Domino to consume all available system resources. PHP-Nuke 4.4 and previous versions of banners.php have vulnerabilities

Trust: 2.7

sources: NVD: CVE-2001-0383 // CERT/CC: VU#601312 // CERT/CC: VU#310816 // BID: 2565 // VULHUB: VHN-3202

AFFECTED PRODUCTS

vendor: francisco burzi, model: php-nuke, scope: lte, version: 4.4

Trust: 1.0

vendor: lotus, model: -, scope: -, version: -

Trust: 0.8

vendor: rit, model: -, scope: -, version: -

Trust: 0.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 4.4

Trust: 0.6

vendor: lotus, model: domino, scope: eq, version: 5.0.6

Trust: 0.3

vendor: lotus, model: domino, scope: eq, version: 5.0.5

Trust: 0.3

vendor: lotus, model: domino, scope: eq, version: 5.0.4

Trust: 0.3

vendor: lotus, model: domino, scope: eq, version: 5.0.3

Trust: 0.3

vendor: lotus, model: domino, scope: eq, version: 5.0.2

Trust: 0.3

vendor: lotus, model: domino, scope: eq, version: 5.0.1

Trust: 0.3

vendor: lotus, model: domino, scope: ne, version: 5.0.7

Trust: 0.3

sources: CERT/CC: VU#601312 // CERT/CC: VU#310816 // BID: 2565 // CNNVD: CNNVD-200106-087 // NVD: CVE-2001-0383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0383
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#601312
value: 9.98

Trust: 0.8

CARNEGIE MELLON: VU#310816
value: 1.62

Trust: 0.8

CNNVD: CNNVD-200106-087
value: MEDIUM

Trust: 0.6

VULHUB: VHN-3202
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2001-0383
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3202
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#601312 // CERT/CC: VU#310816 // VULHUB: VHN-3202 // CNNVD: CNNVD-200106-087 // NVD: CVE-2001-0383

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0383

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200106-087

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200106-087

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-3202

EXTERNAL IDS

db: NVD, id: CVE-2001-0383

Trust: 1.7

db: BID, id: 2544

Trust: 1.7

db: BID, id: 2565

Trust: 1.1

db: XF, id: 6347

Trust: 0.8

db: CERT/CC, id: VU#601312

Trust: 0.8

db: XF, id: 6423

Trust: 0.8

db: BID, id: 2636

Trust: 0.8

db: CERT/CC, id: VU#310816

Trust: 0.8

db: CNNVD, id: CNNVD-200106-087

Trust: 0.7

db: BUGTRAQ, id: 20010401 PHP-NUKE EXPLOIT...

Trust: 0.6

db: XF, id: 6342

Trust: 0.6

db: EXPLOIT-DB, id: 20729

Trust: 0.1

db: SEEBUG, id: SSVID-74591

Trust: 0.1

db: VULHUB, id: VHN-3202

Trust: 0.1

sources: CERT/CC: VU#601312 // CERT/CC: VU#310816 // VULHUB: VHN-3202 // BID: 2565 // CNNVD: CNNVD-200106-087 // NVD: CVE-2001-0383

REFERENCES

url:http://www.securityfocus.com/bid/2544

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html

Trust: 1.7

url:http://phpnuke.org/download.php?dcategory=fixes

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6342

Trust: 1.1

url:http://www.securityfocus.com/bid/2565

Trust: 0.8

url:http://xforce.iss.net/static/6347.php

Trust: 0.8

url:http://www.securityfocus.com/advisories/3208

Trust: 0.8

url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126

Trust: 0.8

url:http://www.securityfocus.com/bid/2636

Trust: 0.8

url:http://www.ritlabs.com/the_bat/index.html

Trust: 0.8

url:http://www.security.nnov.ru/search/news.asp?binid=1136

Trust: 0.8

url:http://xforce.iss.net/static/6423.php

Trust: 0.8

url:http://xforce.iss.net/static/6342.php

Trust: 0.6

url:http://www.lotus.com/home.nsf/welcome/domino

Trust: 0.3

sources: CERT/CC: VU#601312 // CERT/CC: VU#310816 // VULHUB: VHN-3202 // BID: 2565 // CNNVD: CNNVD-200106-087 // NVD: CVE-2001-0383

CREDITS

Reported to bugtraq by Juan Diego <diego@linuxcolombia.com.co> on Mon, 2 Apr 2001

Trust: 0.6

sources: CNNVD: CNNVD-200106-087

SOURCES

db: CERT/CC, id: VU#601312
db: CERT/CC, id: VU#310816
db: VULHUB, id: VHN-3202
db: BID, id: 2565
db: CNNVD, id: CNNVD-200106-087
db: NVD, id: CVE-2001-0383

LAST UPDATE DATE

2024-10-16T19:23:40.786000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#601312, date: 2001-07-17T00:00:00
db: CERT/CC, id: VU#310816, date: 2001-08-30T00:00:00
db: VULHUB, id: VHN-3202, date: 2017-10-10T00:00:00
db: BID, id: 2565, date: 2001-04-11T00:00:00
db: CNNVD, id: CNNVD-200106-087, date: 2005-05-02T00:00:00
db: NVD, id: CVE-2001-0383, date: 2017-10-10T01:29:42.517

SOURCES RELEASE DATE

db: CERT/CC, id: VU#601312, date: 2001-07-12T00:00:00
db: CERT/CC, id: VU#310816, date: 2001-06-01T00:00:00
db: VULHUB, id: VHN-3202, date: 2001-06-18T00:00:00
db: BID, id: 2565, date: 2001-04-11T00:00:00
db: CNNVD, id: CNNVD-200106-087, date: 2001-06-18T00:00:00
db: NVD, id: CVE-2001-0383, date: 2001-06-18T04:00:00