Lotus Domino Server is an application framework for web-based collaborative software. It runs on multiple platforms, including Windows and Unix. It has been reported that all versions of Lotus Domino Webserver prior to 5.0.9a running on Windows 2000 may be vulnerable to a denial of service condition. If a request for a DOS device from CGI-BIN has an extension of 220 characters, the server will spawn a cmd.exe session to run nul.pif. The server will also pop up a window asking for a program association with which to run nul.pif. If this is done approximately 400 times, the server will reportedly run out of working threads. This vulnerability may not have anything to do with the inclusion of MS-DOS device names in requests, but this is unconfirmed.
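The request pattern described above can be looked for in web server access logs. The following detection sketch is an added example, not code from the original advisory or from Lotus. It assumes the server writes NCSA Common Log Format; the function names, log lines and addresses are constructed for illustration. Because the role of the device name is unconfirmed, it flags any long-extension request under cgi-bin and records separately whether the file stem is a DOS device name.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Reserved MS-DOS device names on Windows.
DOS_DEVICES = ({"nul", "con", "prn", "aux"}
               | {f"com{i}" for i in range(1, 10)}
               | {f"lpt{i}" for i in range(1, 10)})
MIN_EXT_LEN = 220  # extension length reported in the advisory
BURST = 400        # approximate request count reported to exhaust worker threads

# Assumption: NCSA Common Log Format (ip ident user [time] "METHOD target PROTO" status ...)
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
                 r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def classify(target, min_ext_len=MIN_EXT_LEN):
    """Return None, or a dict describing a long-extension request under cgi-bin."""
    path = unquote(target.split("?", 1)[0]).replace("\\", "/").lower()
    if "/cgi-bin/" not in path:
        return None
    leaf = path.rsplit("/", 1)[-1]
    stem, dot, ext = leaf.partition(".")  # Windows ignores everything after the first dot
    if not dot or len(ext) < min_ext_len:
        return None
    return {"device": stem in DOS_DEVICES, "stem": stem, "ext_len": len(ext)}

def scan(lines, min_ext_len=MIN_EXT_LEN, burst=BURST):
    """Return (findings, clients that reached the burst count)."""
    hits, per_ip = [], Counter()
    for n, line in enumerate(lines, 1):
        m = CLF.match(line)
        finding = classify(m["target"], min_ext_len) if m else None
        if finding:
            finding.update(line=n, ip=m["ip"])
            hits.append(finding)
            per_ip[m["ip"]] += 1
    return hits, sorted(ip for ip, c in per_ip.items() if c >= burst)

def sample_log():
    """Constructed log lines (documentation address ranges), not real traffic."""
    ext, ts = "a" * 220, "[01/Jan/2002:10:00:00 +0000]"
    lines = [f'192.0.2.10 - - {ts} "GET /cgi-bin/test.cgi HTTP/1.0" 200 512',
             f'192.0.2.10 - - {ts} "GET /index.nsf HTTP/1.0" 200 100',
             f'198.51.100.7 - - {ts} "GET /cgi-bin/other.{ext} HTTP/1.0" 404 0']
    return lines + [f'203.0.113.5 - - {ts} "GET /cgi-bin/nul.{ext} HTTP/1.0" 500 0'] * 400

if __name__ == "__main__":
    hits, flooders = scan(sample_log())
    print(len(hits), "suspicious requests; burst sources:", flooders)
```

Lowering `min_ext_len` and `burst` trades more false positives for earlier warning, since the advisory's figures are reported values rather than confirmed limits.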