Rapid7 Vulnerability & Exploit Database

Lotus Notes/Domino Alternate Name Theoretical Database Lock Denial of Service


Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 12/07/2001
Created: 07/25/2018
Added: 11/01/2004
Modified: 12/04/2013

Description

A BugTraq report states that the Lotus HTTP server can be fooled into locking a database with a specially crafted URL, causing a denial of service on that database. However, IBM's response to this issue states that the exploit succeeds only if the database has not previously been accessed by either a server task or a user. The issue affects only the database specified in the URL, not the entire server.

Due to the rare conditions needed for this exploit to be successful, it is highly unlikely to be exploited outside of a lab or testing environment. If it is found to occur, the server must be restarted to release the lock on the database.

Solution(s)

  • http-domino-0183
