Lotus Domino bad URL database Denial of Service Vulnerability

Lotus Domino 5.0.5 and 5.0.8 (French) are vulnerable to a denial of service triggered by sending a specific malformed URL to the web server. By prefacing a database name with "/./" in a URL, access to that database can be disabled, e.g. "http://server/./webadmin.nsf". This could be used for denial of service attacks on Lotus Domino servers. The French versions were reported vulnerable, but other versions may suffer from this issue as well (untested).
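
For detection, the request form described above can be searched for in web access logs. The following is an added example, not part of the original advisory: it assumes the server's HTTP log is available as Common Log Format text, and the function names, sample log lines, addresses and status codes are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Client, request target and status from a Common Log Format line
# (the log format is an assumption; adjust to the server's logging setup).
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def dot_prefixed_database(target):
    """Return the .nsf name if a "." path segment directly precedes it, else None."""
    # urlsplit handles both origin-form ("/./x.nsf") and absolute-form targets
    # and does not collapse dot segments, so the raw path is preserved.
    segments = urlsplit(target).path.split("/")
    for i, seg in enumerate(segments):
        if seg.lower().endswith(".nsf"):
            return seg.lower() if i > 0 and segments[i - 1] == "." else None
    return None

def scan(lines):
    """Group matching requests by database: {db: [(client, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        db = dot_prefixed_database(m.group("target"))
        if db:
            hits[db].append((m.group("client"), m.group("status")))
    return dict(hits)

# Constructed sample lines; status codes and sizes are placeholders only.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /webadmin.nsf HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2001:10:00:05 +0000] "GET /./webadmin.nsf HTTP/1.0" 200 0',
    '198.51.100.7 - - [01/Jan/2001:10:00:06 +0000] "GET http://server/./webadmin.nsf HTTP/1.0" 200 0',
    '192.0.2.10 - - [01/Jan/2001:10:00:09 +0000] "GET /./index.html HTTP/1.0" 200 128',
]

if __name__ == "__main__":
    for db, requests in scan(SAMPLE_LOG).items():
        print(db, requests)
```

A hit on a database, followed by failed requests for the same database from other clients, is the pattern worth correlating.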


 

Copyright 2010, SecurityFocus