Details of VAR-200107-0160

ID

VAR-200107-0160

CVE

CVE-2001-0428

TITLE

Lotus Domino vulnerable to DoS via crafted unicode GET request

Trust: 0.8

sources: CERT/CC: VU#676552

DESCRIPTION

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Submitting numerous HTTP requests with modified headers, could cause Lotus Domino to consume all available system resources. Cisco VPN 3000 Series Concentrator versions prior to 2.5.2(F) have a vulnerability

Trust: 4.14

sources: NVD: CVE-2001-0428 // CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2565 // VULHUB: VHN-3247

AFFECTED PRODUCTS

vendor:	lotus	model:	-	scope:	-	version:	-	Trust: 2.4
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.c	Trust: 1.6
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.b	Trust: 1.6
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.a	Trust: 1.6
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.d	Trust: 1.6
vendor:	rit	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	2.5.2.a	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	2.5.2.d	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	2.5.2.c	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	2.5.2.b	Trust: 0.6
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	lotus	model:	domino	scope:	ne	version:	5.0.7	Trust: 0.3

sources: CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2565 // CNNVD: CNNVD-200107-021 // NVD: CVE-2001-0428

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0428
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#676552
value:	10.50
Trust: 0.8
CARNEGIE MELLON:	VU#601312
value:	9.98
Trust: 0.8
CARNEGIE MELLON:	VU#555464
value:	4.25
Trust: 0.8
CARNEGIE MELLON:	VU#310816
value:	1.62
Trust: 0.8
CNNVD:	CNNVD-200107-021
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-3247
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-0428
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3247
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3247 // CNNVD: CNNVD-200107-021 // NVD: CVE-2001-0428

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0428

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200107-021

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200107-021

EXTERNAL IDS

db:	NVD	id:	CVE-2001-0428	Trust: 1.7
db:	OSVDB	id:	1786	Trust: 1.7
db:	BID	id:	2573	Trust: 1.7
db:	BID	id:	2565	Trust: 1.1
db:	BID	id:	2571	Trust: 0.8
db:	XF	id:	6349	Trust: 0.8
db:	CERT/CC	id:	VU#676552	Trust: 0.8
db:	XF	id:	6347	Trust: 0.8
db:	CERT/CC	id:	VU#601312	Trust: 0.8
db:	BID	id:	2599	Trust: 0.8
db:	XF	id:	6350	Trust: 0.8
db:	CERT/CC	id:	VU#555464	Trust: 0.8
db:	XF	id:	6423	Trust: 0.8
db:	BID	id:	2636	Trust: 0.8
db:	CERT/CC	id:	VU#310816	Trust: 0.8
db:	CNNVD	id:	CNNVD-200107-021	Trust: 0.7
db:	CISCO	id:	20010412 VPN 3000 CONCENTRATOR IP OPTIONS VULNERABILITY	Trust: 0.6
db:	XF	id:	6360	Trust: 0.6
db:	VULHUB	id:	VHN-3247	Trust: 0.1

sources: CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3247 // BID: 2565 // CNNVD: CNNVD-200107-021 // NVD: CVE-2001-0428

REFERENCES

url:	http://www.securityfocus.com/advisories/3208	Trust: 2.4
url:	http://www.securityfocus.com/bid/2573	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml	Trust: 1.7
url:	http://www.osvdb.org/1786	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6360	Trust: 1.1
url:	http://www.securityfocus.com/bid/2571	Trust: 0.8
url:	http://xforce.iss.net/static/6349.php	Trust: 0.8
url:	http://www.securityfocus.com/bid/2565	Trust: 0.8
url:	http://xforce.iss.net/static/6347.php	Trust: 0.8
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126	Trust: 0.8
url:	http://www.securityfocus.com/bid/2599	Trust: 0.8
url:	http://xforce.iss.net/static/6350.php	Trust: 0.8
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument	Trust: 0.8
url:	http://www.securityfocus.com/bid/2636	Trust: 0.8
url:	http://www.ritlabs.com/the_bat/index.html	Trust: 0.8
url:	http://www.security.nnov.ru/search/news.asp?binid=1136	Trust: 0.8
url:	http://xforce.iss.net/static/6423.php	Trust: 0.8
url:	http://xforce.iss.net/static/6360.php	Trust: 0.6
url:	http://www.lotus.com/home.nsf/welcome/domino	Trust: 0.3

CREDITS

Discovered and posted to Bugtraq by Peter Gründl <peter.grundl@defcom.com> on April 11, 2001.

Trust: 0.3

sources: BID: 2565

SOURCES

db:	CERT/CC	id:	VU#676552
db:	CERT/CC	id:	VU#601312
db:	CERT/CC	id:	VU#555464
db:	CERT/CC	id:	VU#310816
db:	VULHUB	id:	VHN-3247
db:	BID	id:	2565
db:	CNNVD	id:	CNNVD-200107-021
db:	NVD	id:	CVE-2001-0428

LAST UPDATE DATE

2025-02-22T20:16:18.709000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#676552	date:	2001-07-26T00:00:00
db:	CERT/CC	id:	VU#601312	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#555464	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-08-30T00:00:00
db:	VULHUB	id:	VHN-3247	date:	2018-10-30T00:00:00
db:	BID	id:	2565	date:	2001-04-11T00:00:00
db:	CNNVD	id:	CNNVD-200107-021	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2001-0428	date:	2018-10-30T16:26:16.373

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#676552	date:	2001-07-23T00:00:00
db:	CERT/CC	id:	VU#601312	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#555464	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-06-01T00:00:00
db:	VULHUB	id:	VHN-3247	date:	2001-07-02T00:00:00
db:	BID	id:	2565	date:	2001-04-11T00:00:00
db:	CNNVD	id:	CNNVD-200107-021	date:	2001-07-02T00:00:00
db:	NVD	id:	CVE-2001-0428	date:	2001-07-02T04:00:00