CVE-2002-2025

Severity
5.0 MEDIUM
EPSS
1.4%
top 19.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 31
Latest update: Mar 12

Description

Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of characters appended to the device name.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD | ibm/lotus_domino_server | 14 versions (+13)

Patches

🔴Vulnerability Details

2
GHSA
GHSA-75f5-hjpg-7h4w: Lotus Domino server 5 | 2022-04-30
CVEList
CVE-2002-2025: Lotus Domino server 5 | 2005-07-14

📋Vendor Advisories

3
Microsoft
Libdwarf: crashes randomly on fuzzed object | 2024-03-12
Microsoft
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of | 2023-05-09
Microsoft
MySQL Server Replication Vulnerability Allows High-Privileged Remote Attackers to Cause Denial of Service (DoS) in Versions 8.0.22 and Earlier | 2021-01-12
CVE-2002-2025 (MEDIUM CVSS 5) | Lotus Domino server 5.0.9a and earl | cvebase.io