Rapid7 Vulnerability & Exploit Database

Lotus Domino DOS Device Denial of Service (NUL.pif)

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 12/31/2002
Created: 07/25/2018
Added: 11/01/2004
Modified: 07/19/2012

Description

Lotus Domino Server is an application framework for web-based collaborative software that runs on multiple platforms, including Windows and Unix. All versions of Lotus Domino Webserver prior to 5.0.9a running on Windows 2000 are vulnerable to a denial of service condition. If a request for a DOS device from /cgi-bin has an extension of 220 characters, the server spawns a cmd.exe session to run nul.pif and pops up a window asking for a program association to run nul.pif with. If this is done approximately 400 times, the server will reportedly run out of working threads.
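The request shape described above can be searched for in web server access logs. The following Python check is an added example, not Rapid7 or Lotus code; it assumes Common Log Format entries, the standard Windows reserved device names, and a hypothetical 200-character extension threshold, and its sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Standard Windows reserved device names (the page itself names only NUL).
DOS_DEVICES = {"NUL", "CON", "AUX", "PRN"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}
MIN_EXT_LEN = 200   # assumed threshold; the page cites a 220-character extension
ALERT_COUNT = 400   # page: about 400 such requests exhaust the working threads

# Client address and request path from a Common Log Format line (assumed format).
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|HEAD|POST) (\S+)')

def is_dos_device_request(path):
    """True for /cgi-bin/<DOS device>.<extension of MIN_EXT_LEN or more chars>."""
    path = unquote(path.split("?", 1)[0])          # drop query, decode %xx
    if not path.lower().startswith("/cgi-bin/"):
        return False
    stem, dot, ext = path.rsplit("/", 1)[-1].partition(".")
    return bool(dot) and stem.upper() in DOS_DEVICES and len(ext) >= MIN_EXT_LEN

def scan(lines):
    """Count matching requests per client address."""
    hits = {}
    for line in lines:
        m = REQ.match(line)
        if m and is_dos_device_request(m.group(2)):
            hits[m.group(1)] = hits.get(m.group(1), 0) + 1
    return hits

def _line(ip, path):
    return f'{ip} - - [01/Jan/2002:10:00:00 +0000] "GET {path} HTTP/1.0" 500 0'

# Constructed sample entries (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    _line("192.0.2.10", "/cgi-bin/nul." + "a" * 220),
    _line("192.0.2.10", "/cgi-bin/AUX." + "a" * 220),
    _line("198.51.100.7", "/cgi-bin/search.pl?q=nul"),
    _line("198.51.100.7", "/cgi-bin/nul.txt"),
    _line("203.0.113.5", "/help/con." + "a" * 220),
    _line("203.0.113.9", "/cgi-bin/%6Eul." + "b" * 220),
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for ip, n in sorted(hits.items()):
        print(f"{ip}: {n} DOS-device request(s) under /cgi-bin")
    if sum(hits.values()) >= ALERT_COUNT:
        print("request volume is in the range the advisory ties to thread exhaustion")
```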

Solution(s)

  • lotus-domino-upgrade-r5-5_0_9a
