Details of VAR-200107-0019

ID

VAR-200107-0019

CVE

CVE-2001-1097

TITLE

Lotus Domino vulnerable to a denial of service via DOS device request

Trust: 0.8

sources: CERT/CC: VU#890128

DESCRIPTION

Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. If numerous requests are made for MS DOS device names, ncgihttp.exe inappropriately handles them, resulting in the exhaustion of system resources. A potential denial of service condition may exist in Cisco's IOS firmware. The problem reportedly occurs when a large number of UDP packets are sent to device running IOS. This causes the system to use all available CPU resources and thus become unresponsive. The device may have to be reset manually if the attack is successful

Trust: 2.97

sources: NVD: CVE-2001-1097 // CERT/CC: VU#890128 // CERT/CC: VU#642760 // BID: 2575 // BID: 3096 // VULHUB: VHN-3902

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 1.9
vendor:	cisco	model:	ios	scope:	eq	version:	12.1	Trust: 1.9
vendor:	cisco	model:	ios	scope:	eq	version:	12.0	Trust: 1.9
vendor:	lotus	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.0\(3\)	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.0\(2\)	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.0\(7\)t	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.0\(5\)	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.0\(6\)	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.0\(1\)	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.0\(4\)	Trust: 1.6
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	lotus	model:	domino	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	lotus	model:	domino	scope:	ne	version:	5.0.7	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.7	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.6	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.5	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.4	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.3	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.2	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0.1	Trust: 0.3
vendor:	cisco	model:	ios 12.0 t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0(5)	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	12.0(3)	Trust: 0.3

sources: CERT/CC: VU#890128 // CERT/CC: VU#642760 // BID: 2575 // BID: 3096 // CNNVD: CNNVD-200107-173 // NVD: CVE-2001-1097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1097
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#890128
value:	5.07
Trust: 0.8
CARNEGIE MELLON:	VU#642760
value:	10.50
Trust: 0.8
CNNVD:	CNNVD-200107-173
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-3902
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-1097
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3902
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#890128 // CERT/CC: VU#642760 // VULHUB: VHN-3902 // CNNVD: CNNVD-200107-173 // NVD: CVE-2001-1097

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1097

THREAT TYPE

network

Trust: 0.6

sources: BID: 2575 // BID: 3096

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200107-173

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-3902

EXTERNAL IDS

db:	NVD	id:	CVE-2001-1097	Trust: 2.0
db:	BID	id:	3096	Trust: 2.0
db:	BID	id:	2575	Trust: 1.1
db:	XF	id:	6348	Trust: 0.8
db:	CERT/CC	id:	VU#890128	Trust: 0.8
db:	BID	id:	2598	Trust: 0.8
db:	XF	id:	6351	Trust: 0.8
db:	CERT/CC	id:	VU#642760	Trust: 0.8
db:	CNNVD	id:	CNNVD-200107-173	Trust: 0.7
db:	XF	id:	6913	Trust: 0.6
db:	XF	id:	6319	Trust: 0.6
db:	BUGTRAQ	id:	20010724 UDP PACKET HANDLING WEIRD BEHAVIOUR OF VARIOUS OPERATING SYSTEMS	Trust: 0.6
db:	BUGTRAQ	id:	20010811 RE: UDP PACKET HANDLING WEIRD BEHAVIOUR OF VARIOUS OPERATING SYSTEMS	Trust: 0.6
db:	EXPLOIT-DB	id:	21028	Trust: 0.1
db:	SEEBUG	id:	SSVID-74875	Trust: 0.1
db:	VULHUB	id:	VHN-3902	Trust: 0.1

sources: CERT/CC: VU#890128 // CERT/CC: VU#642760 // VULHUB: VHN-3902 // BID: 2575 // BID: 3096 // CNNVD: CNNVD-200107-173 // NVD: CVE-2001-1097

REFERENCES

url:	http://www.securityfocus.com/bid/3096	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/199558	Trust: 1.7
url:	http://www.securityfocus.com/advisories/3208	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6913	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=99749327219189&w=2	Trust: 1.0
url:	http://www.securityfocus.com/bid/2575	Trust: 0.8
url:	http://xforce.iss.net/static/6348.php	Trust: 0.8
url:	http://www.securityfocus.com/bid/2598	Trust: 0.8
url:	http://xforce.iss.net/static/6351.php	Trust: 0.8
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126	Trust: 0.8
url:	http://xforce.iss.net/static/6913.php	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=99749327219189&w=2	Trust: 0.6
url:	http://www.lotus.com/home.nsf/welcome/domino	Trust: 0.3
url:	http://www.cisco.com/warp/public/707/sec_incident_response.shtml	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=99749327219189&w=2	Trust: 0.1

sources: CERT/CC: VU#890128 // CERT/CC: VU#642760 // VULHUB: VHN-3902 // BID: 2575 // BID: 3096 // CNNVD: CNNVD-200107-173 // NVD: CVE-2001-1097

CREDITS

Discovered and posted to Bugtraq by Peter Gründl <peter.grundl@defcom.com> on April 11, 2001.

Trust: 0.3

sources: BID: 2575

SOURCES

db:	CERT/CC	id:	VU#890128
db:	CERT/CC	id:	VU#642760
db:	VULHUB	id:	VHN-3902
db:	BID	id:	2575
db:	BID	id:	3096
db:	CNNVD	id:	CNNVD-200107-173
db:	NVD	id:	CVE-2001-1097

LAST UPDATE DATE

2026-04-09T21:02:07.233000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#890128	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#642760	date:	2001-07-17T00:00:00
db:	VULHUB	id:	VHN-3902	date:	2017-12-19T00:00:00
db:	BID	id:	2575	date:	2001-04-11T00:00:00
db:	BID	id:	3096	date:	2015-03-19T08:49:00
db:	CNNVD	id:	CNNVD-200107-173	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1097	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#890128	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#642760	date:	2001-07-12T00:00:00
db:	VULHUB	id:	VHN-3902	date:	2001-07-24T00:00:00
db:	BID	id:	2575	date:	2001-04-11T00:00:00
db:	BID	id:	3096	date:	2001-07-25T00:00:00
db:	CNNVD	id:	CNNVD-200107-173	date:	2001-07-24T00:00:00
db:	NVD	id:	CVE-2001-1097	date:	2001-07-24T04:00:00