CVE-2003-0178 — Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Lotus Domino WEB Server

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

58.5%

top 1.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Lotus Domino WEB Server

Timeline

PublishedApr 2

Latest updateApr 29

Description

Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/lotus_domino_web_server6.0

Patches

Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-r7j8-vx2r-6cf7: Multiple buffer overflows in Lotus Domino Web Server before 6↗2022-04-29

▶

CVEList

CVE-2003-0178: Multiple buffer overflows in Lotus Domino Web Server before 6↗2003-03-29

▶