Details of VAR-200107-0175

ID

VAR-200107-0175

CVE

CVE-2001-0385

TITLE

Lotus Domino vulnerable to DoS via many large connects sent to 63148/TCP

Trust: 0.8

sources: CERT/CC: VU#555464

DESCRIPTION

GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. The GoAhead Web Server is a freely available, open source software package developed by GoAhead. The GoAhead Web Server offers a multi-platform web server and source code to the community. The process has to be manually restarted to resume normal operation. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account. GoAhead webserver version 2.1 has a vulnerability

Trust: 2.97

sources: NVD: CVE-2001-0385 // CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2607 // BID: 2636 // VULHUB: VHN-3204

AFFECTED PRODUCTS

vendor:	goahead	model:	webserver	scope:	eq	version:	2.1	Trust: 1.6
vendor:	lotus	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	rit	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.101	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.51	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.49	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.48	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.47	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.46	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.45	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.44	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.43	Trust: 0.3
vendor:	rit	model:	research labs the bat! f	scope:	eq	version:	1.42	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.42	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.41	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.39	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.36	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.35	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.34	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.33	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.32	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.31	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.22	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.21	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.19	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.18	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.17	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.15	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.14	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.5	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.1	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.043	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.041	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.039	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.036	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.035	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.032	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.031	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.029	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.028	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.015	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	eq	version:	1.011	Trust: 0.3
vendor:	rit	model:	research labs the bat!	scope:	ne	version:	1.52	Trust: 0.3

sources: CERT/CC: VU#555464 // CERT/CC: VU#310816 // BID: 2607 // BID: 2636 // CNNVD: CNNVD-200107-037 // NVD: CVE-2001-0385

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0385
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#555464
value:	4.25
Trust: 0.8
CARNEGIE MELLON:	VU#310816
value:	1.62
Trust: 0.8
CNNVD:	CNNVD-200107-037
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-3204
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-0385
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3204
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3204 // CNNVD: CNNVD-200107-037 // NVD: CVE-2001-0385

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0385

THREAT TYPE

network

Trust: 0.6

sources: BID: 2607 // BID: 2636

TYPE

Unknown

Trust: 0.9

sources: BID: 2607 // CNNVD: CNNVD-200107-037

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-3204

EXTERNAL IDS

db:	BID	id:	2607	Trust: 2.0
db:	NVD	id:	CVE-2001-0385	Trust: 2.0
db:	OSVDB	id:	6664	Trust: 1.7
db:	BID	id:	2636	Trust: 1.1
db:	OSVDB	id:	81099	Trust: 1.1
db:	BID	id:	2599	Trust: 0.8
db:	XF	id:	6350	Trust: 0.8
db:	CERT/CC	id:	VU#555464	Trust: 0.8
db:	XF	id:	6423	Trust: 0.8
db:	CERT/CC	id:	VU#310816	Trust: 0.8
db:	BUGTRAQ	id:	20010417 ADVISORY FOR GOAHEAD WEBSERVER V2.1	Trust: 0.6
db:	XF	id:	6400	Trust: 0.6
db:	CNNVD	id:	CNNVD-200107-037	Trust: 0.6
db:	SEEBUG	id:	SSVID-74628	Trust: 0.1
db:	EXPLOIT-DB	id:	20770	Trust: 0.1
db:	VULHUB	id:	VHN-3204	Trust: 0.1

sources: CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3204 // BID: 2607 // BID: 2636 // CNNVD: CNNVD-200107-037 // NVD: CVE-2001-0385

REFERENCES

url:	http://www.securityfocus.com/bid/2607	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2001-04/0281.html	Trust: 1.7
url:	http://www.osvdb.org/6664	Trust: 1.7
url:	http://freecode.com/projects/embedthis-goahead-webserver/releases/343539	Trust: 1.1
url:	http://osvdb.org/81099	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6400	Trust: 1.1
url:	http://www.securityfocus.com/bid/2599	Trust: 0.8
url:	http://www.securityfocus.com/advisories/3208	Trust: 0.8
url:	http://xforce.iss.net/static/6350.php	Trust: 0.8
url:	http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument	Trust: 0.8
url:	http://www.securityfocus.com/bid/2636	Trust: 0.8
url:	http://www.ritlabs.com/the_bat/index.html	Trust: 0.8
url:	http://www.security.nnov.ru/search/news.asp?binid=1136	Trust: 0.8
url:	http://xforce.iss.net/static/6423.php	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/6400	Trust: 0.6
url:	http://www.thebat.net	Trust: 0.3

sources: CERT/CC: VU#555464 // CERT/CC: VU#310816 // VULHUB: VHN-3204 // BID: 2636 // CNNVD: CNNVD-200107-037 // NVD: CVE-2001-0385

CREDITS

This vulnerability was announced to Bugtraq by nemesystm <neme-dhc@hushmail.com> on April 17, 2001.

Trust: 0.9

sources: BID: 2607 // CNNVD: CNNVD-200107-037

SOURCES

db:	CERT/CC	id:	VU#555464
db:	CERT/CC	id:	VU#310816
db:	VULHUB	id:	VHN-3204
db:	BID	id:	2607
db:	BID	id:	2636
db:	CNNVD	id:	CNNVD-200107-037
db:	NVD	id:	CVE-2001-0385

LAST UPDATE DATE

2025-07-29T22:43:32.582000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#555464	date:	2001-07-17T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-08-30T00:00:00
db:	VULHUB	id:	VHN-3204	date:	2017-12-20T00:00:00
db:	BID	id:	2607	date:	2009-07-11T06:06:00
db:	BID	id:	2636	date:	2001-04-18T00:00:00
db:	CNNVD	id:	CNNVD-200107-037	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-0385	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#555464	date:	2001-07-12T00:00:00
db:	CERT/CC	id:	VU#310816	date:	2001-06-01T00:00:00
db:	VULHUB	id:	VHN-3204	date:	2001-07-02T00:00:00
db:	BID	id:	2607	date:	2001-04-17T00:00:00
db:	BID	id:	2636	date:	2001-04-18T00:00:00
db:	CNNVD	id:	CNNVD-200107-037	date:	2001-07-02T00:00:00
db:	NVD	id:	CVE-2001-0385	date:	2001-07-02T04:00:00