CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
75.3%
Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | lotus_domino | 6.5.0 | cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:* |
ibm | lotus_domino | 6.5.1 | cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:* |
ibm | lotus_domino | 6.5.2 | cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:* |
ibm | lotus_domino | 6.5.3 | cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:* |
ibm | lotus_domino | 6.5.4 | cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:* |
ibm | lotus_domino | 6.5.4 | cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp1:*:*:*:*:* |
ibm | lotus_domino | 6.5.4 | cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp2:*:*:*:*:* |
ibm | lotus_domino_enterprise_server | 6.5.2 | cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:* |
ibm | lotus_domino_enterprise_server | 6.5.4 | cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.4:*:*:*:*:*:*:* |
ibm | lotus_notes | 6.5 | cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:* |
secunia.com/advisories/18328
www-1.ibm.com/support/docview.wss?uid=swg27007054
www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument&Highlight=0%2CMKIN67MQVW
www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument&Highlight=0%2CMKIN693QUT
www.securityfocus.com/bid/16158
www.vupen.com/english/advisories/2006/0081
exchange.xforce.ibmcloud.com/vulnerabilities/24223