Denial of Service Vulnerability in IBM Lotus Domino Server
CVE-2005-0986

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 2 May 2005

Summary

A vulnerability exists in the NLSCCSTR.DLL component of the web service in IBM Lotus Domino Server that allows remote attackers to cause a denial of service by sending a long GET request with a specific UNICODE decimal value. The request triggers deep recursion that exhausts the stack and crashes the nHTTP.exe process, impacting server availability. IBM has indicated difficulties in replicating this issue, but the potential for exploitation remains.

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved