Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0986

4 documents4 sources
Severity
5.0MEDIUM
EPSS
17.7%
top 4.88%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Lotus Domino Server
Timeline
PublishedMay 2
Latest updateMay 1

Description

NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which causes the stack to be exhausted. NOTE: IBM has reported that it is unable to replicate this issue.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/lotus_domino_server6.0.3, 6.5.1+1

🔴Vulnerability Details

2
GHSA
GHSA-v83w-r87j-m4v3: NLSCCSTR2022-05-01
CVEList
CVE-2005-0986: NLSCCSTR2005-04-06

💥Exploits & PoCs

1
Exploit-DB
IBM Lotus Domino Server 6.5.1 Web Service - Remote Denial of Service2005-04-06
CVE-2005-0986 (MEDIUM CVSS 5) | NLSCCSTR.DLL in the web service in | cvebase.io