Vulnerability Name:

CVE-2003-0123 (CCN-11525)

Assigned:2003-03-11
Published:2003-03-11
Updated:2017-11-22
Summary:Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2003-0123

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow

Source: CCN
Type: IBM Technote #1105060
Web Retriever Buffer Overflow May Cause Denial of Service

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060

Source: CCN
Type: Lotus SPR# KSPR5DFJTR
Fixed a potential Denial of Service attack

Source: CCN
Type: CERT Advisory CA-2003-11
Multiple Vulnerabilities in Lotus Notes and Domino

Source: CERT
Type: Third Party Advisory, US Government Resource
CA-2003-11

Source: CCN
Type: CIAC Information Bulletin N-065
Multiple Vulnerabilities in Lotus Notes and Domino

Source: CIAC
Type: Broken Link
N-065

Source: CCN
Type: US-CERT VU#411489
Lotus Domino Web Retriever contains a buffer overflow vulnerability

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#411489

Source: CCN
Type: OSVDB ID: 10829
IBM Lotus Notes/Domino Web Retriever Client Long HTTP Status Line DoS

Source: CCN
Type: Rapid7, Inc. Security Advisory R7-0011
Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow

Source: MISC
Type: Not Applicable
http://www.rapid7.com/advisories/R7-0011.html

Source: BID
Type: Third Party Advisory, VDB Entry
7038

Source: CCN
Type: BID-7038
Lotus Notes/Domino Web Retriever Buffer Overflow Denial Of Service Vulnerability

Source: CCN
Type: IBM Web site
Downloads

Source: XF
Type: Third Party Advisory, VDB Entry
lotus-web-retriever-bo(11525)

Source: XF
Type: UNKNOWN
lotus-web-retriever-bo(11525)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.8a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.9a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:r5:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:5.0.8a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:5.0.9a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes_client:r5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ibm lotus domino 4.6.1
    ibm lotus domino 4.6.3
    ibm lotus domino 4.6.4
    ibm lotus domino 5.0
    ibm lotus domino 5.0.1
    ibm lotus domino 5.0.2
    ibm lotus domino 5.0.3
    ibm lotus domino 5.0.4
    ibm lotus domino 5.0.4a
    ibm lotus domino 5.0.5
    ibm lotus domino 5.0.6
    ibm lotus domino 5.0.6a
    ibm lotus domino 5.0.7
    ibm lotus domino 5.0.7a
    ibm lotus domino 5.0.8
    ibm lotus domino 5.0.8a
    ibm lotus domino 5.0.9
    ibm lotus domino 5.0.9a
    ibm lotus domino 5.0.10
    ibm lotus domino 5.0.11
    ibm lotus notes client 5.0
    ibm lotus notes client 5.0.1
    ibm lotus notes client 5.0.2
    ibm lotus notes client 5.0.3
    ibm lotus notes client 5.0.4
    ibm lotus notes client 5.0.5
    ibm lotus notes client 5.0.9a
    ibm lotus notes client 5.0.10
    ibm lotus notes client 5.0.11
    ibm lotus notes client r5
    ibm lotus domino 5.0.8
    ibm lotus domino 5.0.5
    ibm lotus domino 5.0.9
    ibm lotus domino 5.0.9a
    ibm lotus domino 5.0
    ibm lotus domino 4.6.1
    ibm lotus domino 4.6.3
    ibm lotus domino 4.6.4
    ibm lotus domino 5.0.1
    ibm lotus domino 5.0.10
    ibm lotus domino 5.0.11
    ibm lotus domino 5.0.2
    ibm lotus domino 5.0.3
    ibm lotus domino 5.0.4a
    ibm lotus domino 5.0.6
    ibm lotus domino 5.0.6a
    ibm lotus domino 5.0.7a
    ibm lotus domino 5.0.8a
    ibm lotus notes client 5.0
    ibm lotus notes client 5.0.1
    ibm lotus notes client 5.0.10
    ibm lotus notes client 5.0.11
    ibm lotus notes client 5.0.2
    ibm lotus notes client 5.0.3
    ibm lotus notes client 5.0.4
    ibm lotus notes client 5.0.5
    ibm lotus notes client 5.0.9a
    ibm lotus notes client r5