ID
VAR-200107-0160
CVE
CVE-2001-0428
TITLE
Lotus Domino vulnerable to DoS via crafted unicode GET request
Trust: 0.8
DESCRIPTION
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. DIIOP by default listens on port 63148. Making continuous and unusually large connection requests to port 63148, will invoke a DIIOP session. Each such connection request will launch a new DIIOP session. Eventually this process will cause CPU utilization to spike to 100% on the target host. Cisco VPN 3000 Series Concentrator versions prior to 2.5.2(F) have a vulnerability
Trust: 3.42
AFFECTED PRODUCTS
| vendor: | lotus | model: | - | scope: | - | version: | - | Trust: 2.4 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 2.5.2.c | Trust: 1.6 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 2.5.2.b | Trust: 1.6 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 2.5.2.a | Trust: 1.6 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 2.5.2.d | Trust: 1.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 2.5.2.a | Trust: 0.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 2.5.2.d | Trust: 0.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 2.5.2.c | Trust: 0.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 2.5.2.b | Trust: 0.6 |
| vendor: | lotus | model: | domino | scope: | eq | version: | 5.0.6 | Trust: 0.3 |
| vendor: | lotus | model: | domino | scope: | eq | version: | 5.0.5 | Trust: 0.3 |
| vendor: | lotus | model: | domino | scope: | eq | version: | 5.0.4 | Trust: 0.3 |
| vendor: | lotus | model: | domino | scope: | eq | version: | 5.0.3 | Trust: 0.3 |
| vendor: | lotus | model: | domino | scope: | eq | version: | 5.0.2 | Trust: 0.3 |
| vendor: | lotus | model: | domino | scope: | eq | version: | 5.0.1 | Trust: 0.3 |
| vendor: | lotus | model: | domino | scope: | ne | version: | 5.0.7 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
unknown
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2001-0428 | Trust: 1.7 |
| db: | OSVDB | id: | 1786 | Trust: 1.7 |
| db: | BID | id: | 2573 | Trust: 1.7 |
| db: | BID | id: | 2599 | Trust: 1.1 |
| db: | BID | id: | 2571 | Trust: 0.8 |
| db: | XF | id: | 6349 | Trust: 0.8 |
| db: | CERT/CC | id: | VU#676552 | Trust: 0.8 |
| db: | XF | id: | 6347 | Trust: 0.8 |
| db: | BID | id: | 2565 | Trust: 0.8 |
| db: | CERT/CC | id: | VU#601312 | Trust: 0.8 |
| db: | XF | id: | 6350 | Trust: 0.8 |
| db: | CERT/CC | id: | VU#555464 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-200107-021 | Trust: 0.7 |
| db: | CISCO | id: | 20010412 VPN 3000 CONCENTRATOR IP OPTIONS VULNERABILITY | Trust: 0.6 |
| db: | XF | id: | 6360 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-3247 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/advisories/3208 | Trust: 2.4 |
| url: | http://www.securityfocus.com/bid/2573 | Trust: 1.7 |
| url: | http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml | Trust: 1.7 |
| url: | http://www.osvdb.org/1786 | Trust: 1.7 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/6360 | Trust: 1.1 |
| url: | http://www.securityfocus.com/bid/2571 | Trust: 0.8 |
| url: | http://xforce.iss.net/static/6349.php | Trust: 0.8 |
| url: | http://www.securityfocus.com/bid/2565 | Trust: 0.8 |
| url: | http://xforce.iss.net/static/6347.php | Trust: 0.8 |
| url: | http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126 | Trust: 0.8 |
| url: | http://www.securityfocus.com/bid/2599 | Trust: 0.8 |
| url: | http://xforce.iss.net/static/6350.php | Trust: 0.8 |
| url: | http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument | Trust: 0.8 |
| url: | http://xforce.iss.net/static/6360.php | Trust: 0.6 |
| url: | http://www.lotus.com/home.nsf/welcome/domino | Trust: 0.3 |
CREDITS
Discovered and posted to Bugtraq by <peter.grundl@defcom.com> on April 11, 2001.
Trust: 0.3
SOURCES
| db: | CERT/CC | id: | VU#676552 |
| db: | CERT/CC | id: | VU#601312 |
| db: | CERT/CC | id: | VU#555464 |
| db: | VULHUB | id: | VHN-3247 |
| db: | BID | id: | 2599 |
| db: | CNNVD | id: | CNNVD-200107-021 |
| db: | NVD | id: | CVE-2001-0428 |
LAST UPDATE DATE
2026-02-08T22:28:38.937000+00:00
SOURCES UPDATE DATE
| db: | CERT/CC | id: | VU#676552 | date: | 2001-07-26T00:00:00 |
| db: | CERT/CC | id: | VU#601312 | date: | 2001-07-17T00:00:00 |
| db: | CERT/CC | id: | VU#555464 | date: | 2001-07-17T00:00:00 |
| db: | VULHUB | id: | VHN-3247 | date: | 2018-10-30T00:00:00 |
| db: | BID | id: | 2599 | date: | 2001-04-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-200107-021 | date: | 2005-05-02T00:00:00 |
| db: | NVD | id: | CVE-2001-0428 | date: | 2025-04-03T01:03:51.193 |
SOURCES RELEASE DATE
| db: | CERT/CC | id: | VU#676552 | date: | 2001-07-23T00:00:00 |
| db: | CERT/CC | id: | VU#601312 | date: | 2001-07-12T00:00:00 |
| db: | CERT/CC | id: | VU#555464 | date: | 2001-07-12T00:00:00 |
| db: | VULHUB | id: | VHN-3247 | date: | 2001-07-02T00:00:00 |
| db: | BID | id: | 2599 | date: | 2001-04-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-200107-021 | date: | 2001-07-02T00:00:00 |
| db: | NVD | id: | CVE-2001-0428 | date: | 2001-07-02T04:00:00 |