Skip to main content

Support & downloads  >  

Lotus Domino Denial of Service Attacks; reported by NGSS
 Technote (FAQ)
 
Question
Certain incomplete or overly long POST requests can cause the HTTP server task to fail. This vulnerability can be exploited by a malicious user to bring down the Web server task. The server does not crash, but the HTTP task needs to be restarted.
 
Answer
This issue was reported to Lotus Software Quality Engineering and has been addressed in Domino 5.0.12 and Domino 6.0.1.

Customers running 5.0x servers should upgrade to 5.0.12 or later to resolve the problem. Customers running 6.0 servers should upgrade to 6.0.1 or later to resolve the problem.

Excerpt from the Lotus Notes and Lotus Domino Release 5.0.12 and 6.0.1 Fix List
(available from http://www.lotus.com/ldd):
    SPR# KSPR5HTQHS - Fixed a potential Denial of Service Attack.
Related URLs:

NGSS Advisory # NISR17022003d: http://www.nextgenss.com/advisories/lotus-60dos.txt

CERT VU# 355169: http://www.kb.cert.org/vuls
 
 
  

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Rate this page
Please take a moment to complete this form to help us better serve you.
This material provides me with the information I need.




This material is clear and easy to understand.




Did the information help you to achieve your goal?
What updates, improvements, or related information would you like to see in this document?
Your response will be used to improve our document content. Requests for assistance, if applicable, should be submitted through your normal support channel as we cannot respond from this site.
Input the verification number to submit feedback:
Document information
 Product categories:
 Software
 Messaging Applications
 E-Mail
 Lotus End of Support Products
 Lotus Domino Server
 Operating system(s):
  AIX, HP-UX, Linux, Solaris, Windows, i5/OS, z/OS
 Software version:
  5.0, 6.0
 Reference #:
  1104528
 IBM Group:
 Software Group
 Modified date:
 2004-09-13

Translate My Page
 
 

Rate this page

Help us improve this page. Your response will be used to improve our document content. Requests for assistance, if applicable, should be submitted through your normal support channel as we cannot respond from this site.