Vulnerability Name:

CVE-2011-1393 (CCN-71805)

Assigned: 2011-12-14
Published: 2011-12-14
Updated: 2017-08-17
Summary: Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet.
CVSS v3 Severity: 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Denial of Service
References: Source: MITRE
Type: CNA
CVE-2011-1393

Source: CCN
Type: SA47331
IBM Lotus Domino Notes RPC Authentication Processing Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
47331

Source: CCN
Type: IBM Technote 1575247
Security Advisory: Lotus Domino Denial of Service Vulnerability during Notes authentication processing (CVE-2011-1393)

Source: CCN
Type: Fortiguard Web site
FG-VD-11-007

Source: CONFIRM
Type: Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21575247

Source: OSVDB
Type: UNKNOWN
77990

Source: CCN
Type: OSVDB ID: 77990
IBM Lotus Domino Notes RPC Authentication Operation Packet Parsing Remote DoS

Source: CCN
Type: BID-51167
IBM Lotus Domino RPC Operation Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
lotus-domino-server-rpc-dos(71805)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.0.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.0.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:*:fp3:*:*:*:*:*:* (Version <= 8.5.2)

Configuration CCN 1:
  • cpe:/a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ibm lotus domino 8.0
    ibm lotus domino 8.0.1
    ibm lotus domino 8.0.2
    ibm lotus domino 8.0.2.1
    ibm lotus domino 8.0.2.2
    ibm lotus domino 8.0.2.3
    ibm lotus domino 8.0.2.4
    ibm lotus domino 8.0.2.5
    ibm lotus domino 8.0.2.6
    ibm lotus domino 8.0.5
    ibm lotus domino 8.5.0
    ibm lotus domino 8.5.1
    ibm lotus domino 8.5.1.1
    ibm lotus domino 8.5.1.2
    ibm lotus domino 8.5.1.3
    ibm lotus domino 8.5.1.4
    ibm lotus domino 8.5.1.5
    ibm lotus domino * fp3
    ibm lotus domino 8.0
    ibm lotus domino 8.5.0