Description
Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters.
Affected products
- ibm / lotus_domino5.0 – 5.0
- ibm / lotus_domino5.0.1 – 5.0.1
- ibm / lotus_domino5.0.2 – 5.0.2
- ibm / lotus_domino5.0.3 – 5.0.3
- ibm / lotus_domino5.0.4 – 5.0.4
- ibm / lotus_domino5.0.4a – 5.0.4a
- ibm / lotus_domino5.0.5 – 5.0.5
- ibm / lotus_domino5.0.6 – 5.0.6
- ibm / lotus_domino5.0.6a – 5.0.6a
- ibm / lotus_domino5.0.7 – 5.0.7
- ibm / lotus_domino5.0.7a – 5.0.7a
- ibm / lotus_domino5.0.8 – 5.0.8
- ibm / lotus_domino5.0.9 – 5.0.9
- ibm / lotus_domino5.0.9a – 5.0.9a