Vulnerability Name:

CVE-2006-0119 (CCN-24207)

Assigned:2006-01-03
Published:2006-01-03
Updated:2018-10-19
Summary:Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server.
Note: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP).
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2006-0119

Source: CCN
Type: SA18328
IBM Lotus Domino/Notes Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
18328

Source: CCN
Type: SA20855
Lotus Domino Malformed vCal Processing Denial of Service

Source: SECUNIA
Type: Vendor Advisory
20855

Source: CCN
Type: SECTRACK ID: 1016390
IBM Lotus Domino Bug in Processing vCal Meeting Requests Let Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1016390

Source: CCN
Type: IBM Support and Downloads
Fix List for Lotus Notes and Lotus Domino Release 6.5.5 Maintenance Release (MR)

Source: CONFIRM
Type: UNKNOWN
http://www-1.ibm.com/support/docview.wss?uid=swg27007054

Source: CCN
Type: Notes/Domino Fix List
SPR # GPKS6C9J67 fixed in 6.5.5; 6.5.4 FP2 release

Source: CONFIRM
Type: UNKNOWN
http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/94a77eb898843aca8525709200001de1?OpenDocument&Highlight=0,JGAN6B6TZ3

Source: CONFIRM
Type: UNKNOWN
http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/9a1650d1a771f3078525702a00420def?OpenDocument&Highlight=0,HSAO6BNL6Y

Source: CONFIRM
Type: UNKNOWN
http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/d1150fc9c5dec8b18525709200001da6?OpenDocument&Highlight=0,GPKS6C9J67

Source: CONFIRM
Type: UNKNOWN
http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/de2ab57a5b9547848525701b00420c2c?OpenDocument&Highlight=0,KSPR699NBP

Source: CONFIRM
Type: UNKNOWN
http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/e4deb1cbb011c747852570e4001ba9bb?OpenDocument&Highlight=0,GPKS5YQGPT

Source: CONFIRM
Type: UNKNOWN
http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/f97fe7cfd9a8113b8525709200001db4?OpenDocument&Highlight=0,GPKS6C9J67

Source: BUGTRAQ
Type: UNKNOWN
20060626 SYMSA-2006-006: Lotus Domino SMTP Based Denial of Service

Source: BID
Type: Patch
16158

Source: CCN
Type: BID-16158
IBM Lotus Domino and Notes Multiple Unspecified Vulnerabilities

Source: BID
Type: UNKNOWN
18020

Source: CCN
Type: BID-18020
Lotus Domino SMTP Meeting Request Remote Denial of Service Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2006-0081

Source: VUPEN
Type: Vendor Advisory
ADV-2006-2564

Source: XF
Type: UNKNOWN
lotus-multiple-unspecified(24207)

Source: XF
Type: UNKNOWN
lotus-multiple-unspecified(24207)

Source: XF
Type: UNKNOWN
lotus-web-unspecified-xss(24211)

Source: XF
Type: UNKNOWN
domino-smtp-nrouter-dos(27413)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4:*:fp1:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4:*:fp2:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-0119 (CCN-24211)

    Assigned:2006-01-03
    Published:2006-01-03
    Updated:2006-01-03
    Summary:IBM Lotus Domino is vulnerable to cross-site scripting in the Web application. The attack vector and impact of this vulnerability is unknown.
    CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availibility (A): None
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    8.7 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
    2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Other
    References:Source: MITRE
    Type: CNA
    CVE-2006-0119

    Source: CCN
    Type: SA18328
    IBM Lotus Domino/Notes Multiple Vulnerabilities

    Source: CCN
    Type: SA20855
    Lotus Domino Malformed vCal Processing Denial of Service

    Source: CCN
    Type: SECTRACK ID: 1016390
    IBM Lotus Domino Bug in Processing vCal Meeting Requests Let Remote Users Deny Service

    Source: CCN
    Type: IBM Technote (FAQ)
    Cross Site Scripting Vulnerability Addressed in Domino 6.5.4 FP1 and 7.0

    Source: CCN
    Type: IBM Support and Downloads
    Fix List for Lotus Notes and Lotus Domino Release 6.5.5 Maintenance Release (MR)

    Source: CCN
    Type: Notes/Domino Fix List
    SPR # HSAO6BNL6Y fixed in 6.5.5; 6.5.4 FP1 release

    Source: CCN
    Type: BID-16158
    IBM Lotus Domino and Notes Multiple Unspecified Vulnerabilities

    Source: CCN
    Type: BID-18020
    Lotus Domino SMTP Meeting Request Remote Denial of Service Vulnerability

    Source: XF
    Type: UNKNOWN
    lotus-web-unspecified-xss(24211)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-0119 (CCN-27413)

    Assigned:2006-06-27
    Published:2006-06-27
    Updated:2006-06-27
    Summary:IBM Lotus Domino is vulnerable to a denial of service in the SMTP service. A remote attacker could send a specially-crafted vCal meeting request to cause the NROUTER service to consume all available CPU resources, resulting in a denial of service.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Denial of Service
    References:Source: CCN
    Type: BugTraq Mailing List, Mon Jun 26 2006 - 15:42:37 CDT
    SYMSA-2006-006: Lotus Domino SMTP Based Denial of Service

    Source: MITRE
    Type: CNA
    CVE-2006-0119

    Source: CCN
    Type: SA18328
    IBM Lotus Domino/Notes Multiple Vulnerabilities

    Source: CCN
    Type: SA20855
    Lotus Domino Malformed vCal Processing Denial of Service

    Source: CCN
    Type: SECTRACK ID: 1016390
    IBM Lotus Domino Bug in Processing vCal Meeting Requests Let Remote Users Deny Service

    Source: CCN
    Type: IBM Technote (FAQ)
    Lotus Domino SMTP-based Denial of Service vulnerability

    Source: CCN
    Type: BID-16158
    IBM Lotus Domino and Notes Multiple Unspecified Vulnerabilities

    Source: CCN
    Type: BID-18020
    Lotus Domino SMTP Meeting Request Remote Denial of Service Vulnerability

    Source: CCN
    Type: Symantec Vulnerability Research Security Advisory SYMSA-2006-006
    Lotus Domino SMTP Based Denial of Service

    Source: CCN
    Type: ISS X-Force Database
    IBM Lotus Notes/Domino unspecified Agents, Router, and Security modules vulnerabilities

    Source: XF
    Type: UNKNOWN
    domino-smtp-nrouter-dos(27413)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:6.0.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_xp:*:*:professional:*:*:*:*:*
  • OR cpe:/o:ibm:os_390:-:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:os_400:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm lotus domino 6.5.0
    ibm lotus domino 6.5.1
    ibm lotus domino 6.5.2
    ibm lotus domino 6.5.3
    ibm lotus domino 6.5.4
    ibm lotus domino 6.5.4
    ibm lotus domino 6.5.4
    ibm lotus domino enterprise server 6.5.2
    ibm lotus domino enterprise server 6.5.4
    ibm lotus notes 6.5
    ibm lotus notes 6.5.1
    ibm lotus notes 6.5.2
    ibm lotus notes 6.5.3
    ibm lotus notes 6.5.4
    ibm lotus notes 6.5
    ibm lotus domino 6.5.0
    ibm lotus domino 6.5.1
    ibm lotus domino 6.5.2
    ibm lotus domino 6.5.4
    ibm lotus domino 6.5.3
    ibm lotus notes 6.5.3
    ibm lotus notes 6.5.2
    ibm lotus notes 6.5.1
    ibm lotus notes 6.5.4
    ibm lotus domino 6.5.4.1
    ibm lotus domino 6.5.4.2
    ibm lotus domino enterprise server 6.5.2
    ibm lotus domino enterprise server 6.5.4
    ibm lotus domino 6.0
    ibm lotus domino 6.0.1
    ibm lotus domino 6.0.2
    ibm lotus domino 6.5.0
    ibm lotus domino 6.5.1
    ibm lotus domino 6.5.2
    ibm lotus domino 6.5.4
    ibm lotus domino 6.0.3
    ibm lotus domino 6.5.3
    ibm lotus domino 6.0.4
    ibm lotus domino 6.0.5
    microsoft windows xp *
    ibm os 390 -
    ibm os 400 *