Sign-up

ID

VAR-200107-0173


CVE

CVE-2001-0444


TITLE

Lotus Domino vulnerable to DoS via crafted unicode GET request

Trust: 0.8

sources: CERT/CC: VU#676552

DESCRIPTION

Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Submitting numerous HTTP requests with modified headers, could cause Lotus Domino to consume all available system resources

Trust: 4.14

sources: NVD: CVE-2001-0444 // CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2565 // VULHUB: VHN-3263

AFFECTED PRODUCTS

vendor:lotusmodel: - scope: - version: -

Trust: 2.4

vendor:ciscomodel:cbosscope:eqversion:2.3.053

Trust: 1.6

vendor:ciscomodel:cbosscope:eqversion:2.4.1

Trust: 1.6

vendor:ritmodel: - scope: - version: -

Trust: 0.8

vendor:lotusmodel:dominoscope:eqversion:5.0.6

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.5

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.4

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.3

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.2

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.1

Trust: 0.3

vendor:lotusmodel:dominoscope:neversion:5.0.7

Trust: 0.3

sources: CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2565 // CNNVD: CNNVD-200107-038 // NVD: CVE-2001-0444

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0444
value: LOW

Trust: 1.0

CARNEGIE MELLON: VU#676552
value: 10.50

Trust: 0.8

CARNEGIE MELLON: VU#601312
value: 9.98

Trust: 0.8

CARNEGIE MELLON: VU#555464
value: 4.25

Trust: 0.8

CARNEGIE MELLON: VU#310816
value: 1.62

Trust: 0.8

CNNVD: CNNVD-200107-038
value: LOW

Trust: 0.6

VULHUB: VHN-3263
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2001-0444
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3263
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3263 // CNNVD: CNNVD-200107-038 // NVD: CVE-2001-0444

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0444

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200107-038

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200107-038

EXTERNAL IDS

db:NVDid:CVE-2001-0444

Trust: 1.7

db:BIDid:2635

Trust: 1.7

db:OSVDBid:1796

Trust: 1.7

db:BIDid:2565

Trust: 1.1

db:BIDid:2571

Trust: 0.8

db:XFid:6349

Trust: 0.8

db:CERT/CCid:VU#676552

Trust: 0.8

db:XFid:6347

Trust: 0.8

db:CERT/CCid:VU#601312

Trust: 0.8

db:BIDid:2599

Trust: 0.8

db:XFid:6350

Trust: 0.8

db:CERT/CCid:VU#555464

Trust: 0.8

db:XFid:6423

Trust: 0.8

db:BIDid:2636

Trust: 0.8

db:CERT/CCid:VU#310816

Trust: 0.8

db:BUGTRAQid:20010420 BUG IN CISCO CBOS V2.3.0.053

Trust: 0.6

db:XFid:6453

Trust: 0.6

db:CNNVDid:CNNVD-200107-038

Trust: 0.6

db:VULHUBid:VHN-3263

Trust: 0.1

sources: CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3263 // BID: 2565 // CNNVD: CNNVD-200107-038 // NVD: CVE-2001-0444

REFERENCES

url:http://www.securityfocus.com/advisories/3208

Trust: 2.4

url:http://www.securityfocus.com/bid/2635

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2001-04/0380.html

Trust: 1.7

url:http://www.osvdb.org/1796

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6453

Trust: 1.1

url:http://www.securityfocus.com/bid/2571

Trust: 0.8

url:http://xforce.iss.net/static/6349.php

Trust: 0.8

url:http://www.securityfocus.com/bid/2565

Trust: 0.8

url:http://xforce.iss.net/static/6347.php

Trust: 0.8

url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126

Trust: 0.8

url:http://www.securityfocus.com/bid/2599

Trust: 0.8

url:http://xforce.iss.net/static/6350.php

Trust: 0.8

url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument

Trust: 0.8

url:http://www.securityfocus.com/bid/2636

Trust: 0.8

url:http://www.ritlabs.com/the_bat/index.html

Trust: 0.8

url:http://www.security.nnov.ru/search/news.asp?binid=1136

Trust: 0.8

url:http://xforce.iss.net/static/6423.php

Trust: 0.8

url:http://xforce.iss.net/static/6453.php

Trust: 0.6

url:http://www.lotus.com/home.nsf/welcome/domino

Trust: 0.3

sources: CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3263 // BID: 2565 // CNNVD: CNNVD-200107-038 // NVD: CVE-2001-0444

CREDITS

Discovered and posted to Bugtraq by Peter Gründl <peter.grundl@defcom.com> on April 11, 2001.

Trust: 0.3

sources: BID: 2565

SOURCES

db:CERT/CCid:VU#676552
db:CERT/CCid:VU#601312
db:CERT/CCid:VU#555464
db:CERT/CCid:VU#310816
db:VULHUBid:VHN-3263
db:BIDid:2565
db:CNNVDid:CNNVD-200107-038
db:NVDid:CVE-2001-0444

LAST UPDATE DATE

2025-02-22T20:27:10.704000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#676552date:2001-07-26T00:00:00
db:CERT/CCid:VU#601312date:2001-07-17T00:00:00
db:CERT/CCid:VU#555464date:2001-07-17T00:00:00
db:CERT/CCid:VU#310816date:2001-08-30T00:00:00
db:VULHUBid:VHN-3263date:2017-10-10T00:00:00
db:BIDid:2565date:2001-04-11T00:00:00
db:CNNVDid:CNNVD-200107-038date:2005-10-12T00:00:00
db:NVDid:CVE-2001-0444date:2017-10-10T01:29:43.860

SOURCES RELEASE DATE

db:CERT/CCid:VU#676552date:2001-07-23T00:00:00
db:CERT/CCid:VU#601312date:2001-07-12T00:00:00
db:CERT/CCid:VU#555464date:2001-07-12T00:00:00
db:CERT/CCid:VU#310816date:2001-06-01T00:00:00
db:VULHUBid:VHN-3263date:2001-07-02T00:00:00
db:BIDid:2565date:2001-04-11T00:00:00
db:CNNVDid:CNNVD-200107-038date:2001-07-02T00:00:00
db:NVDid:CVE-2001-0444date:2001-07-02T04:00:00