IBM Lotus Domino HTTP /cgi-bin Relative URL Request DoS

medium Nessus Plugin ID 10059

Synopsis

The remote web server is vulnerable to a denial of service attack.

Description

It was possible to perform a denial of service against the remote web server by sending it a long /cgi-bin relative URL.

This problem allows an attacker to prevent your Lotus Domino web server from handling requests.

Solution

Contact the vendor for a patch or use a different product.

Also, consider changing the cgi-bin mapping to something impossible to guess in the server document of the primary Notes NAB.

See Also

https://seclists.org/bugtraq/1999/Dec/257

https://seclists.org/bugtraq/1999/Dec/329

Plugin Details

Severity: Medium

ID: 10059

File Name: domino_http_dos.nasl

Version: 1.40

Type: remote

Family: Web Servers

Published: 12/21/1999

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:ibm:lotus_domino

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/21/1999

Reference Information

CVE: CVE-2000-0023

BID: 881