IBM Support

Accessing certain URLs can cause the IBM Lotus Domino Web Server to crash

Technote (FAQ)


Under certain circumstances, accessing URLs that reference particular files can cause a Lotus® Domino® Web Server to crash, resulting in a denial of service.


This regression was introduced in Lotus Domino 6.0.


This issue was reported to Quality Engineering as SPR# MKEN6X3NKK, and has been addressed in the following releases of Lotus® Domino®:

  • Domino 6.5.6 Fix Pack 3 (FP3)
  • Domino 7.0.2 Fix Pack 2 (FP2)
  • Domino 7.0.3
  • Domino 8.0

CVE: CVE-2007-0067
Attack vector: Remote
Impact: Denial of Service

Assessing this vulnerability using the Common Vulnerability Scoring System (CVSS):
CVSS Base Score: 5
CVSS Temporal Score: 3.9
CVSS Environmental Score: Undefined*
Overall CVSS Score: 3.9

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links below.

Base Score Metrics:
Related exploit range/Attack Vector: Remote
Attack Complexity: Low
Level of Authentication Needed: Not Required
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete
Impact Value Weighting: Weight Availability

Temporal Score Metrics:
Availability of Exploit: Proof of concept code
Type of Fix available: Official fix
Level of verification that vulnerability exists: Confirmed

Complete CVSS Guide:

Online Calculator:

Document information

More support for: IBM Domino

Software version: 6.0, 6.5, 7.0

Operating system(s): AIX, Linux, Solaris, Windows

Reference #: 1257251

Modified date: 29 September 2015

Translate this page: