Sign-up

ID

VAR-200107-0175


CVE

CVE-2001-0385


TITLE

Lotus Domino vulnerable to DoS via crafted HTTP header requests

Trust: 0.8

sources: CERT/CC: VU#601312

DESCRIPTION

GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. The GoAhead Web Server is a freely available, open source software package developed by GoAhead. The GoAhead Web Server offers a multi-platform web server and source code to the community. The process has to be manually restarted to resume normal operation. An HTTP request composed of numerous '/' sequences (approx 8k), will cause the server to consume all available system resources on the host. GoAhead webserver version 2.1 has a vulnerability

Trust: 2.97

sources: NVD: CVE-2001-0385 // CERT/CC: VU#601312 // CERT/CC: VU#642760 // BID: 2607 // BID: 2598 // VULHUB: VHN-3204

AFFECTED PRODUCTS

vendor:lotusmodel: - scope: - version: -

Trust: 1.6

vendor:goaheadmodel:webserverscope:eqversion:2.1

Trust: 1.6

vendor:goaheadmodel:software goahead webserverscope:eqversion:2.1

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.6

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.5

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.4

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.3

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.2

Trust: 0.3

vendor:lotusmodel:dominoscope:eqversion:5.0.1

Trust: 0.3

vendor:lotusmodel:dominoscope:neversion:5.0.7

Trust: 0.3

sources: CERT/CC: VU#601312 // CERT/CC: VU#642760 // BID: 2607 // BID: 2598 // CNNVD: CNNVD-200107-037 // NVD: CVE-2001-0385

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0385
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#601312
value: 9.98

Trust: 0.8

CARNEGIE MELLON: VU#642760
value: 10.50

Trust: 0.8

CNNVD: CNNVD-200107-037
value: MEDIUM

Trust: 0.6

VULHUB: VHN-3204
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2001-0385
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3204
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#601312 // CERT/CC: VU#642760 // VULHUB: VHN-3204 // CNNVD: CNNVD-200107-037 // NVD: CVE-2001-0385

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0385

THREAT TYPE

network

Trust: 0.6

sources: BID: 2607 // BID: 2598

TYPE

Unknown

Trust: 0.9

sources: BID: 2607 // CNNVD: CNNVD-200107-037

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-3204

EXTERNAL IDS
db:BIDid:2607
Trust: 2.0
db:NVDid:CVE-2001-0385
Trust: 2.0
db:OSVDBid:6664
Trust: 1.7
db:BIDid:2598
Trust: 1.1
db:OSVDBid:81099
Trust: 1.1
db:XFid:6347
Trust: 0.8
db:BIDid:2565
Trust: 0.8
db:CERT/CCid:VU#601312
Trust: 0.8
db:XFid:6351
Trust: 0.8
db:CERT/CCid:VU#642760
Trust: 0.8
db:BUGTRAQid:20010417 ADVISORY FOR GOAHEAD WEBSERVER V2.1
Trust: 0.6
db:XFid:6400
Trust: 0.6
db:CNNVDid:CNNVD-200107-037
Trust: 0.6
db:SEEBUGid:SSVID-74628
Trust: 0.1
db:EXPLOIT-DBid:20770
Trust: 0.1
db:VULHUBid:VHN-3204
Trust: 0.1
sources:
            
            
            CERT/CC: VU#601312 // 
            
            
            
            CERT/CC: VU#642760 // 
            
            
            
            VULHUB: VHN-3204 // 
            
            
            
            BID: 2607 // 
            
            
            
            BID: 2598 // 
            
            
            
            CNNVD: CNNVD-200107-037 // 
            
            
            
            NVD: CVE-2001-0385

REFERENCES
url:http://www.securityfocus.com/bid/2607
Trust: 1.7
url:http://archives.neohapsis.com/archives/bugtraq/2001-04/0281.html
Trust: 1.7
url:http://www.osvdb.org/6664
Trust: 1.7
url:http://www.securityfocus.com/advisories/3208
Trust: 1.6
url:http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview&start=3.111&count=30&expand=3.126#3.126
Trust: 1.6
url:http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
Trust: 1.1
url:http://osvdb.org/81099
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6400
Trust: 1.1
url:http://www.securityfocus.com/bid/2565
Trust: 0.8
url:http://xforce.iss.net/static/6347.php
Trust: 0.8
url:http://www.securityfocus.com/bid/2598
Trust: 0.8
url:http://xforce.iss.net/static/6351.php
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/6400
Trust: 0.6
url:http://www.lotus.com/home.nsf/welcome/domino
Trust: 0.3
sources:
            
            
            CERT/CC: VU#601312 // 
            
            
            
            CERT/CC: VU#642760 // 
            
            
            
            VULHUB: VHN-3204 // 
            
            
            
            BID: 2598 // 
            
            
            
            CNNVD: CNNVD-200107-037 // 
            
            
            
            NVD: CVE-2001-0385

CREDITS
This vulnerability was announced to Bugtraq by nemesystm <neme-dhc@hushmail.com> on April 17, 2001.
Trust: 0.9
sources:
            
            
            BID: 2607 // 
            
            
            
            CNNVD: CNNVD-200107-037

SOURCES
db:CERT/CCid:VU#601312
db:CERT/CCid:VU#642760
db:VULHUBid:VHN-3204
db:BIDid:2607
db:BIDid:2598
db:CNNVDid:CNNVD-200107-037
db:NVDid:CVE-2001-0385

LAST UPDATE DATE
2026-02-07T22:08:27.465000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#601312date:2001-07-17T00:00:00
db:CERT/CCid:VU#642760date:2001-07-17T00:00:00
db:VULHUBid:VHN-3204date:2017-12-20T00:00:00
db:BIDid:2607date:2009-07-11T06:06:00
db:BIDid:2598date:2001-04-11T00:00:00
db:CNNVDid:CNNVD-200107-037date:2005-10-20T00:00:00
db:NVDid:CVE-2001-0385date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE
db:CERT/CCid:VU#601312date:2001-07-12T00:00:00
db:CERT/CCid:VU#642760date:2001-07-12T00:00:00
db:VULHUBid:VHN-3204date:2001-07-02T00:00:00
db:BIDid:2607date:2001-04-17T00:00:00
db:BIDid:2598date:2001-04-11T00:00:00
db:CNNVDid:CNNVD-200107-037date:2001-07-02T00:00:00
db:NVDid:CVE-2001-0385date:2001-07-02T04:00:00