CVE-2008-2240

2008-05-2213:09:00

CWE-119

[email protected]

web.nvd.nist.gov

ibm

lotus domino

web server

buffer overflow

cve-2008-2240

nvd

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.97 High

EPSS

Percentile

99.8%

JSON

Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.

Affected configurations

NVD

Node

ibmlotus_dominoMatch6.0

ibmlotus_dominoMatch6.5

ibmlotus_dominoMatch7.0

ibmlotus_dominoMatch8.0

ibmlotus_dominoMatch8.0.1

CPENameOperatorVersion
ibm:lotus_dominoibm lotus dominoeq6.0
ibm:lotus_dominoibm lotus dominoeq6.5
ibm:lotus_dominoibm lotus dominoeq7.0
ibm:lotus_dominoibm lotus dominoeq8.0
ibm:lotus_dominoibm lotus dominoeq8.0.1

CPE	Name	Operator	Version
ibm:lotus_domino	ibm lotus domino	eq	6.0
ibm:lotus_domino	ibm lotus domino	eq	6.5
ibm:lotus_domino	ibm lotus domino	eq	7.0
ibm:lotus_domino	ibm lotus domino	eq	8.0
ibm:lotus_domino	ibm lotus domino	eq	8.0.1