Details of VAR-200107-0173

ID

VAR-200107-0173

CVE

CVE-2001-0444

TITLE

Lotus Domino vulnerable to DoS via crafted HTTP header requests

Trust: 0.8

sources: CERT/CC: VU#601312

DESCRIPTION

Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. An HTTP request composed of numerous '/' sequences (approx 8k), will cause the server to consume all available system resources on the host

Trust: 3.42

sources: NVD: CVE-2001-0444 // CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#310816 // BID: 2598 // VULHUB: VHN-3263

AFFECTED PRODUCTS

vendor:	lotus	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	cisco	model:	cbos	scope:	eq	version:	2.3.053	Trust: 1.6
vendor:	cisco	model:	cbos	scope:	eq	version:	2.4.1	Trust: 1.6
vendor:	rit	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	lotus	model:	domino	scope:	ne	version:	5.0.7	Trust: 0.3

sources: CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#310816 // BID: 2598 // CNNVD: CNNVD-200107-038 // NVD: CVE-2001-0444

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0444
value:	LOW
Trust: 1.0
CARNEGIE MELLON:	VU#601312
value:	9.98
Trust: 0.8
CARNEGIE MELLON:	VU#642760
value:	10.50
Trust: 0.8
CARNEGIE MELLON:	VU#310816
value:	1.62
Trust: 0.8
CNNVD:	CNNVD-200107-038
value:	LOW
Trust: 0.6
VULHUB:	VHN-3263
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2001-0444
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3263
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#310816 // VULHUB: VHN-3263 // CNNVD: CNNVD-200107-038 // NVD: CVE-2001-0444

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0444

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200107-038

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200107-038

EXTERNAL IDS

db:	NVD	id:	CVE-2001-0444	Trust: 1.7
db:	BID	id:	2635	Trust: 1.7
db:	OSVDB	id:	1796	Trust: 1.7
db:	BID	id:	2598	Trust: 1.1
db:	XF	id:	6347	Trust: 0.8
db:	BID	id:	2565	Trust: 0.8
db:	CERT/CC	id:	VU#601312	Trust: 0.8
db:	XF	id:	6351	Trust: 0.8
db:	CERT/CC	id:	VU#642760	Trust: 0.8
db:	XF	id:	6423	Trust: 0.8
db:	BID	id:	2636	Trust: 0.8
db:	CERT/CC	id:	VU#310816	Trust: 0.8
db:	BUGTRAQ	id:	20010420 BUG IN CISCO CBOS V2.3.0.053	Trust: 0.6
db:	XF	id:	6453	Trust: 0.6
db:	CNNVD	id:	CNNVD-200107-038	Trust: 0.6
db:	VULHUB	id:	VHN-3263	Trust: 0.1

sources: CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#310816 // VULHUB: VHN-3263 // BID: 2598 // CNNVD: CNNVD-200107-038 // NVD: CVE-2001-0444

REFERENCES

url:	http://www.securityfocus.com/bid/2635	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2001-04/0380.html	Trust: 1.7
url:	http://www.osvdb.org/1796	Trust: 1.7
url:	http://www.securityfocus.com/advisories/3208	Trust: 1.6
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6453	Trust: 1.1
url:	http://www.securityfocus.com/bid/2565	Trust: 0.8
url:	http://xforce.iss.net/static/6347.php	Trust: 0.8
url:	http://www.securityfocus.com/bid/2598	Trust: 0.8
url:	http://xforce.iss.net/static/6351.php	Trust: 0.8
url:	http://www.securityfocus.com/bid/2636	Trust: 0.8
url:	http://www.ritlabs.com/the_bat/index.html	Trust: 0.8
url:	http://www.security.nnov.ru/search/news.asp?binid=1136	Trust: 0.8
url:	http://xforce.iss.net/static/6423.php	Trust: 0.8
url:	http://xforce.iss.net/static/6453.php	Trust: 0.6
url:	http://www.lotus.com/home.nsf/welcome/domino	Trust: 0.3

sources: CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#310816 // VULHUB: VHN-3263 // BID: 2598 // CNNVD: CNNVD-200107-038 // NVD: CVE-2001-0444

CREDITS

Discovered and posted to Bugtraq by <peter.grundl@defcom.com> on April 11, 2001.

Trust: 0.3

sources: BID: 2598

SOURCES

db:	CERT/CC	id:	VU#601312
db:	CERT/CC	id:	VU#642760
db:	CERT/CC	id:	VU#310816
db:	VULHUB	id:	VHN-3263
db:	BID	id:	2598
db:	CNNVD	id:	CNNVD-200107-038
db:	NVD	id:	CVE-2001-0444

LAST UPDATE DATE

2024-10-16T19:59:13.119000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#601312	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#642760	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-08-30T00:00:00
db:	VULHUB	id:	VHN-3263	date:	2017-10-10T00:00:00
db:	BID	id:	2598	date:	2001-04-11T00:00:00
db:	CNNVD	id:	CNNVD-200107-038	date:	2005-10-12T00:00:00
db:	NVD	id:	CVE-2001-0444	date:	2017-10-10T01:29:43.860

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#601312	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#642760	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-06-01T00:00:00
db:	VULHUB	id:	VHN-3263	date:	2001-07-02T00:00:00
db:	BID	id:	2598	date:	2001-04-11T00:00:00
db:	CNNVD	id:	CNNVD-200107-038	date:	2001-07-02T00:00:00
db:	NVD	id:	CVE-2001-0444	date:	2001-07-02T04:00:00