Sign-up

ID

VAR-200107-0019


CVE

CVE-2001-1097


TITLE

Lotus Domino vulnerable to DoS via crafted unicode GET request

Trust: 0.8

sources: CERT/CC: VU#676552

DESCRIPTION

Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Submitting numerous HTTP requests with modified headers, could cause Lotus Domino to consume all available system resources. A potential denial of service condition may exist in Cisco's IOS firmware. The problem reportedly occurs when a large number of UDP packets are sent to device running IOS. This causes the system to use all available CPU resources and thus become unresponsive. The device may have to be reset manually if the attack is successful

Trust: 4.41

sources: NVD: CVE-2001-1097 // CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#310816 // BID: 2565 // BID: 3096 // VULHUB: VHN-3902

AFFECTED PRODUCTS

vendor:lotusmodel: - scope: - version: -

Trust: 2.4

vendor:ciscomodel:iosscope:eqversion:12.2

Trust: 1.9

vendor:ciscomodel:iosscope:eqversion:12.1

Trust: 1.9

vendor:ciscomodel:iosscope:eqversion:12.0

Trust: 1.9

vendor:ciscomodel:iosscope:eqversion:12.0\(3\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(7\)t

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(5\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(6\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(1\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0\(4\)

Trust: 1.6

vendor:ritmodel: - scope: - version: -

Trust: 0.8

vendor:lotusmodel:dominoscope:eqversion:5.0.6

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.5

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.4

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.3

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.2

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.1

Trust: 0.3

vendor:lotusmodel:dominoscope:neversion:5.0.7

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.7

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.6

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.5

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.4

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.3

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.1

Trust: 0.3

vendor:ciscomodel:ios 12.0 tscope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0(5)

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0(3)

Trust: 0.3

sources: CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#310816 // BID: 2565 // BID: 3096 // CNNVD: CNNVD-200107-173 // NVD: CVE-2001-1097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1097
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#676552
value: 10.50

Trust: 0.8

CARNEGIE MELLON: VU#601312
value: 9.98

Trust: 0.8

CARNEGIE MELLON: VU#642760
value: 10.50

Trust: 0.8

CARNEGIE MELLON: VU#310816
value: 1.62

Trust: 0.8

CNNVD: CNNVD-200107-173
value: MEDIUM

Trust: 0.6

VULHUB: VHN-3902
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2001-1097
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3902
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#676552 // CERT/CC: VU#601312 // CERT/CC: VU#642760 // CERT/CC: VU#310816 // VULHUB: VHN-3902 // CNNVD: CNNVD-200107-173 // NVD: CVE-2001-1097

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1097

THREAT TYPE

network

Trust: 0.6

sources: BID: 2565 // BID: 3096

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200107-173

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-3902

EXTERNAL IDS
db:NVDid:CVE-2001-1097
Trust: 2.0
db:BIDid:3096
Trust: 2.0
db:BIDid:2565
Trust: 1.1
db:BIDid:2571
Trust: 0.8
db:XFid:6349
Trust: 0.8
db:CERT/CCid:VU#676552
Trust: 0.8
db:XFid:6347
Trust: 0.8
db:CERT/CCid:VU#601312
Trust: 0.8
db:BIDid:2598
Trust: 0.8
db:XFid:6351
Trust: 0.8
db:CERT/CCid:VU#642760
Trust: 0.8
db:XFid:6423
Trust: 0.8
db:BIDid:2636
Trust: 0.8
db:CERT/CCid:VU#310816
Trust: 0.8
db:CNNVDid:CNNVD-200107-173
Trust: 0.7
db:XFid:6913
Trust: 0.6
db:XFid:6319
Trust: 0.6
db:BUGTRAQid:20010724 UDP PACKET HANDLING WEIRD BEHAVIOUR OF VARIOUS OPERATING SYSTEMS
Trust: 0.6
db:BUGTRAQid:20010811 RE: UDP PACKET HANDLING WEIRD BEHAVIOUR OF VARIOUS OPERATING SYSTEMS
Trust: 0.6
db:EXPLOIT-DBid:21028
Trust: 0.1
db:SEEBUGid:SSVID-74875
Trust: 0.1
db:VULHUBid:VHN-3902
Trust: 0.1
sources:
            
            
            CERT/CC: VU#676552 // 
            
            
            
            CERT/CC: VU#601312 // 
            
            
            
            CERT/CC: VU#642760 // 
            
            
            
            CERT/CC: VU#310816 // 
            
            
            
            VULHUB: VHN-3902 // 
            
            
            
            BID: 2565 // 
            
            
            
            BID: 3096 // 
            
            
            
            CNNVD: CNNVD-200107-173 // 
            
            
            
            NVD: CVE-2001-1097

REFERENCES
url:http://www.securityfocus.com/advisories/3208
Trust: 2.4
url:http://www.securityfocus.com/bid/3096
Trust: 1.7
url:http://www.securityfocus.com/archive/1/199558
Trust: 1.7
url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6913
Trust: 1.1
url:http://marc.info/?l=bugtraq&m=99749327219189&w=2
Trust: 1.0
url:http://www.securityfocus.com/bid/2571
Trust: 0.8
url:http://xforce.iss.net/static/6349.php
Trust: 0.8
url:http://www.securityfocus.com/bid/2565
Trust: 0.8
url:http://xforce.iss.net/static/6347.php
Trust: 0.8
url:http://www.securityfocus.com/bid/2598
Trust: 0.8
url:http://xforce.iss.net/static/6351.php
Trust: 0.8
url:http://www.securityfocus.com/bid/2636
Trust: 0.8
url:http://www.ritlabs.com/the_bat/index.html
Trust: 0.8
url:http://www.security.nnov.ru/search/news.asp?binid=1136
Trust: 0.8
url:http://xforce.iss.net/static/6423.php
Trust: 0.8
url:http://xforce.iss.net/static/6913.php
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=bugtraq&m=99749327219189&w=2
Trust: 0.6
url:http://www.lotus.com/home.nsf/welcome/domino
Trust: 0.3
url:http://www.cisco.com/warp/public/707/sec_incident_response.shtml
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=99749327219189&w=2
Trust: 0.1
sources:
            
            
            CERT/CC: VU#676552 // 
            
            
            
            CERT/CC: VU#601312 // 
            
            
            
            CERT/CC: VU#642760 // 
            
            
            
            CERT/CC: VU#310816 // 
            
            
            
            VULHUB: VHN-3902 // 
            
            
            
            BID: 2565 // 
            
            
            
            BID: 3096 // 
            
            
            
            CNNVD: CNNVD-200107-173 // 
            
            
            
            NVD: CVE-2001-1097

CREDITS
Discovered and posted to Bugtraq by Peter Gründl <peter.grundl@defcom.com> on April 11, 2001.
Trust: 0.3
sources:
            
            
            BID: 2565

SOURCES
db:CERT/CCid:VU#676552
db:CERT/CCid:VU#601312
db:CERT/CCid:VU#642760
db:CERT/CCid:VU#310816
db:VULHUBid:VHN-3902
db:BIDid:2565
db:BIDid:3096
db:CNNVDid:CNNVD-200107-173
db:NVDid:CVE-2001-1097

LAST UPDATE DATE
2025-04-30T19:51:42.931000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#676552date:2001-07-26T00:00:00
db:CERT/CCid:VU#601312date:2001-07-17T00:00:00
db:CERT/CCid:VU#642760date:2001-07-17T00:00:00
db:CERT/CCid:VU#310816date:2001-08-30T00:00:00
db:VULHUBid:VHN-3902date:2017-12-19T00:00:00
db:BIDid:2565date:2001-04-11T00:00:00
db:BIDid:3096date:2015-03-19T08:49:00
db:CNNVDid:CNNVD-200107-173date:2005-10-20T00:00:00
db:NVDid:CVE-2001-1097date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE
db:CERT/CCid:VU#676552date:2001-07-23T00:00:00
db:CERT/CCid:VU#601312date:2001-07-12T00:00:00
db:CERT/CCid:VU#642760date:2001-07-12T00:00:00
db:CERT/CCid:VU#310816date:2001-06-01T00:00:00
db:VULHUBid:VHN-3902date:2001-07-24T00:00:00
db:BIDid:2565date:2001-04-11T00:00:00
db:BIDid:3096date:2001-07-25T00:00:00
db:CNNVDid:CNNVD-200107-173date:2001-07-24T00:00:00
db:NVDid:CVE-2001-1097date:2001-07-24T04:00:00