CVE-2005-0986

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Domino Server
Vendor: CVE Published:; 2 May 2005

Summary

NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which causes the stack to be exhausted. NOTE: IBM has reported that it is unable to replicate this issue.

References

http://www-1.ibm.com/support/docview.wss?uid=swg21202446

x_refsource_MISC

http://secunia.com/advisories/14858

third-party-advisoryx_refsource_SECUNIA

http://www.idefense.com/application/poi/display?id=224&ty...

third-party-advisoryx_refsource_IDEFENSE

EPSS Score

91% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 6, 2005