Sign-up

ID

VAR-200107-0175


CVE

CVE-2001-0385


TITLE

Lotus Domino vulnerable to DoS via crafted unicode GET request

Trust: 0.8

sources: CERT/CC: VU#676552

DESCRIPTION

GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. The GoAhead Web Server is a freely available, open source software package developed by GoAhead. The GoAhead Web Server offers a multi-platform web server and source code to the community. The process has to be manually restarted to resume normal operation. Submitting numerous HTTP requests with modified headers, could cause Lotus Domino to consume all available system resources. GoAhead webserver version 2.1 has a vulnerability

Trust: 4.41

sources: NVD: CVE-2001-0385 // CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2607 // BID: 2565 // VULHUB: VHN-3204

AFFECTED PRODUCTS

vendor:lotusmodel: - scope: - version: -

Trust: 2.4

vendor:goaheadmodel:webserverscope:eqversion:2.1

Trust: 1.6

vendor:ritmodel: - scope: - version: -

Trust: 0.8

vendor:goaheadmodel:software goahead webserverscope:eqversion:2.1

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.6

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.5

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.4

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.3

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.2

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.1

Trust: 0.3

vendor:lotusmodel:dominoscope:neversion:5.0.7

Trust: 0.3

sources: CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2607 // BID: 2565 // CNNVD: CNNVD-200107-037 // NVD: CVE-2001-0385

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0385
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#676552
value: 10.50

Trust: 0.8

CARNEGIE MELLON: VU#601312
value: 9.98

Trust: 0.8

CARNEGIE MELLON: VU#555464
value: 4.25

Trust: 0.8

CARNEGIE MELLON: VU#310816
value: 1.62

Trust: 0.8

CNNVD: CNNVD-200107-037
value: MEDIUM

Trust: 0.6

VULHUB: VHN-3204
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2001-0385
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3204
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3204 // CNNVD: CNNVD-200107-037 // NVD: CVE-2001-0385

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0385

THREAT TYPE

network

Trust: 0.6

sources: BID: 2607 // BID: 2565

TYPE

Unknown

Trust: 0.9

sources: BID: 2607 // CNNVD: CNNVD-200107-037

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-3204

EXTERNAL IDS
db:BIDid:2607
Trust: 2.0
db:NVDid:CVE-2001-0385
Trust: 2.0
db:OSVDBid:6664
Trust: 1.7
db:BIDid:2565
Trust: 1.1
db:OSVDBid:81099
Trust: 1.1
db:BIDid:2571
Trust: 0.8
db:XFid:6349
Trust: 0.8
db:CERT/CCid:VU#676552
Trust: 0.8
db:XFid:6347
Trust: 0.8
db:CERT/CCid:VU#601312
Trust: 0.8
db:BIDid:2599
Trust: 0.8
db:XFid:6350
Trust: 0.8
db:CERT/CCid:VU#555464
Trust: 0.8
db:XFid:6423
Trust: 0.8
db:BIDid:2636
Trust: 0.8
db:CERT/CCid:VU#310816
Trust: 0.8
db:BUGTRAQid:20010417 ADVISORY FOR GOAHEAD WEBSERVER V2.1
Trust: 0.6
db:XFid:6400
Trust: 0.6
db:CNNVDid:CNNVD-200107-037
Trust: 0.6
db:SEEBUGid:SSVID-74628
Trust: 0.1
db:EXPLOIT-DBid:20770
Trust: 0.1
db:VULHUBid:VHN-3204
Trust: 0.1
sources:
            
            
            CERT/CC: VU#676552 // 
            
            
            
            CERT/CC: VU#601312 // 
            
            
            
            CERT/CC: VU#555464 // 
            
            
            
            CERT/CC: VU#310816 // 
            
            
            
            VULHUB: VHN-3204 // 
            
            
            
            BID: 2607 // 
            
            
            
            BID: 2565 // 
            
            
            
            CNNVD: CNNVD-200107-037 // 
            
            
            
            NVD: CVE-2001-0385

REFERENCES
url:http://www.securityfocus.com/advisories/3208
Trust: 2.4
url:http://www.securityfocus.com/bid/2607
Trust: 1.7
url:http://archives.neohapsis.com/archives/bugtraq/2001-04/0281.html
Trust: 1.7
url:http://www.osvdb.org/6664
Trust: 1.7
url:http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
Trust: 1.1
url:http://osvdb.org/81099
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6400
Trust: 1.1
url:http://www.securityfocus.com/bid/2571
Trust: 0.8
url:http://xforce.iss.net/static/6349.php
Trust: 0.8
url:http://www.securityfocus.com/bid/2565
Trust: 0.8
url:http://xforce.iss.net/static/6347.php
Trust: 0.8
url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126
Trust: 0.8
url:http://www.securityfocus.com/bid/2599
Trust: 0.8
url:http://xforce.iss.net/static/6350.php
Trust: 0.8
url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument
Trust: 0.8
url:http://www.securityfocus.com/bid/2636
Trust: 0.8
url:http://www.ritlabs.com/the_bat/index.html
Trust: 0.8
url:http://www.security.nnov.ru/search/news.asp?binid=1136
Trust: 0.8
url:http://xforce.iss.net/static/6423.php
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/6400
Trust: 0.6
url:http://www.lotus.com/home.nsf/welcome/domino
Trust: 0.3
sources:
            
            
            CERT/CC: VU#676552 // 
            
            
            
            CERT/CC: VU#601312 // 
            
            
            
            CERT/CC: VU#555464 // 
            
            
            
            CERT/CC: VU#310816 // 
            
            
            
            VULHUB: VHN-3204 // 
            
            
            
            BID: 2565 // 
            
            
            
            CNNVD: CNNVD-200107-037 // 
            
            
            
            NVD: CVE-2001-0385

CREDITS
This vulnerability was announced to Bugtraq by nemesystm <neme-dhc@hushmail.com> on April 17, 2001.
Trust: 0.9
sources:
            
            
            BID: 2607 // 
            
            
            
            CNNVD: CNNVD-200107-037

SOURCES
db:CERT/CCid:VU#676552
db:CERT/CCid:VU#601312
db:CERT/CCid:VU#555464
db:CERT/CCid:VU#310816
db:VULHUBid:VHN-3204
db:BIDid:2607
db:BIDid:2565
db:CNNVDid:CNNVD-200107-037
db:NVDid:CVE-2001-0385

LAST UPDATE DATE
2025-02-22T19:37:48.729000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#676552date:2001-07-26T00:00:00
db:CERT/CCid:VU#601312date:2001-07-17T00:00:00
db:CERT/CCid:VU#555464date:2001-07-17T00:00:00
db:CERT/CCid:VU#310816date:2001-08-30T00:00:00
db:VULHUBid:VHN-3204date:2017-12-20T00:00:00
db:BIDid:2607date:2009-07-11T06:06:00
db:BIDid:2565date:2001-04-11T00:00:00
db:CNNVDid:CNNVD-200107-037date:2005-10-20T00:00:00
db:NVDid:CVE-2001-0385date:2017-12-20T02:29:00.443

SOURCES RELEASE DATE
db:CERT/CCid:VU#676552date:2001-07-23T00:00:00
db:CERT/CCid:VU#601312date:2001-07-12T00:00:00
db:CERT/CCid:VU#555464date:2001-07-12T00:00:00
db:CERT/CCid:VU#310816date:2001-06-01T00:00:00
db:VULHUBid:VHN-3204date:2001-07-02T00:00:00
db:BIDid:2607date:2001-04-17T00:00:00
db:BIDid:2565date:2001-04-11T00:00:00
db:CNNVDid:CNNVD-200107-037date:2001-07-02T00:00:00
db:NVDid:CVE-2001-0385date:2001-07-02T04:00:00