Details of VAR-200106-0168

ID

VAR-200106-0168

CVE

CVE-2001-0412

TITLE

Lotus Domino vulnerable to DoS via large crafted URL request

Trust: 0.8

sources: CERT/CC: VU#642760

DESCRIPTION

Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account

Trust: 3.42

sources: NVD: CVE-2001-0412 // CERT/CC: VU#642760 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2636 // VULHUB: VHN-3231

AFFECTED PRODUCTS

vendor:	lotus	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	cisco	model:	content services switch 11050	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content services switch 11150	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content services switch 11800	scope:	eq	version:	*	Trust: 1.0
vendor:	rit	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	content services switch 11150	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	content services switch 11050	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	content services switch 11800	scope:	-	version:	-	Trust: 0.6
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.101	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.51	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.49	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.48	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.47	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.46	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.45	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.44	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.43	Trust: 0.3
vendor:	rit	model:	research labs the bat! f	scope:	eq	version:	1.42	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.42	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.41	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.39	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.36	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.35	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.34	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.33	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.32	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.31	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.22	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.21	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.19	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.18	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.17	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.15	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.14	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.5	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.1	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.043	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.041	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.039	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.036	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.035	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.032	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.031	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.029	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.028	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.015	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.011	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	ne	version:	1.52	Trust: 0.3

sources: CERT/CC: VU#642760 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2636 // CNNVD: CNNVD-200106-094 // NVD: CVE-2001-0412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0412
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#642760
value:	10.50
Trust: 0.8
CARNEGIE MELLON:	VU#555464
value:	4.25
Trust: 0.8
CARNEGIE MELLON:	VU#310816
value:	1.62
Trust: 0.8
CNNVD:	CNNVD-200106-094
value:	HIGH
Trust: 0.6
VULHUB:	VHN-3231
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-0412
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3231
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#642760 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3231 // CNNVD: CNNVD-200106-094 // NVD: CVE-2001-0412

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0412

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200106-094

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200106-094

EXTERNAL IDS

db:	OSVDB	id:	1784	Trust: 1.7
db:	BID	id:	2559	Trust: 1.7
db:	NVD	id:	CVE-2001-0412	Trust: 1.7
db:	BID	id:	2636	Trust: 1.1
db:	BID	id:	2598	Trust: 0.8
db:	XF	id:	6351	Trust: 0.8
db:	CERT/CC	id:	VU#642760	Trust: 0.8
db:	BID	id:	2599	Trust: 0.8
db:	XF	id:	6350	Trust: 0.8
db:	CERT/CC	id:	VU#555464	Trust: 0.8
db:	XF	id:	6423	Trust: 0.8
db:	CERT/CC	id:	VU#310816	Trust: 0.8
db:	CNNVD	id:	CNNVD-200106-094	Trust: 0.7
db:	XF	id:	6322	Trust: 0.6
db:	CISCO	id:	20010404 CISCO CONTENT SERVICES SWITCH USER ACCOUNT VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-3231	Trust: 0.1

sources: CERT/CC: VU#642760 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3231 // BID: 2636 // CNNVD: CNNVD-200106-094 // NVD: CVE-2001-0412

REFERENCES

url:	http://www.securityfocus.com/bid/2559	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml	Trust: 1.7
url:	http://www.osvdb.org/1784	Trust: 1.7
url:	http://www.securityfocus.com/advisories/3208	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6322	Trust: 1.1
url:	http://www.securityfocus.com/bid/2598	Trust: 0.8
url:	http://xforce.iss.net/static/6351.php	Trust: 0.8
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126	Trust: 0.8
url:	http://www.securityfocus.com/bid/2599	Trust: 0.8
url:	http://xforce.iss.net/static/6350.php	Trust: 0.8
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument	Trust: 0.8
url:	http://www.securityfocus.com/bid/2636	Trust: 0.8
url:	http://www.ritlabs.com/the_bat/index.html	Trust: 0.8
url:	http://www.security.nnov.ru/search/news.asp?binid=1136	Trust: 0.8
url:	http://xforce.iss.net/static/6423.php	Trust: 0.8
url:	http://xforce.iss.net/static/6322.php	Trust: 0.6
url:	http://www.thebat.net	Trust: 0.3

sources: CERT/CC: VU#642760 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3231 // BID: 2636 // CNNVD: CNNVD-200106-094 // NVD: CVE-2001-0412

CREDITS

This vulnerability was announced to Bugtraq in a Cisco Security Advisory dated April 4, 2001.

Trust: 0.6

sources: CNNVD: CNNVD-200106-094

SOURCES

db:	CERT/CC	id:	VU#642760
db:	CERT/CC	id:	VU#555464
db:	CERT/CC	id:	VU#310816
db:	VULHUB	id:	VHN-3231
db:	BID	id:	2636
db:	CNNVD	id:	CNNVD-200106-094
db:	NVD	id:	CVE-2001-0412

LAST UPDATE DATE

2025-09-30T00:06:14.508000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#642760	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#555464	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-08-30T00:00:00
db:	VULHUB	id:	VHN-3231	date:	2017-10-10T00:00:00
db:	BID	id:	2636	date:	2001-04-18T00:00:00
db:	CNNVD	id:	CNNVD-200106-094	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2001-0412	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#642760	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#555464	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-06-01T00:00:00
db:	VULHUB	id:	VHN-3231	date:	2001-06-18T00:00:00
db:	BID	id:	2636	date:	2001-04-18T00:00:00
db:	CNNVD	id:	CNNVD-200106-094	date:	2001-06-18T00:00:00
db:	NVD	id:	CVE-2001-0412	date:	2001-06-18T04:00:00