Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: web4890.htm

Lotus Domino HTTP server DoS
4th Dec 2001 [SBWID-4890]

	Domino HTTP server


	Lotus Domino 5.08 and earlier


	Hendrik-Jan Verheij  reported  following,  discovered  &  tested  by
	Ninke Westra :

	There exists a DOS in the current  version  of  Lotus  Domino  5.08  and

	The DOS manifests itself on Lotus Domino  servers  with  the  http  task
	running and ssl enabled.

	A connection to the victim on port 443  with  the  nmap  \'-sR\'  switch
	will target this port with SunRPC program NULL commands  in  an  attempt
	to determine whether it is an RPC port, and if so, what program  and  version
	number it serves up.

	Our first attempt brought the domino test server down.  Tests  on  other
	setups revealed the same behaviour.

	The task that crashes is  the  nhttp  task.  It  takes  down  the  whole

	the nmap command used:

	nmap -n -p 443 -sR



	Lotus has acknowledged the issue and the internal  reference  number  is


	The issue has been fixed in Lotus Domino 5.09 which  is  available  from as an incremental upgrade.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH