// For flags

CVE-2005-0986

IBM Lotus Domino Server 6.5.1 Web Service - Remote Denial of Service

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which causes the stack to be exhausted. NOTE: IBM has reported that it is unable to replicate this issue.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-04-06 CVE Reserved
  • 2005-04-06 CVE Published
  • 2005-04-06 First Exploit
  • 2024-03-13 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ibm
Search vendor "Ibm"
Lotus Domino Server
Search vendor "Ibm" for product "Lotus Domino Server"
6.0.3
Search vendor "Ibm" for product "Lotus Domino Server" and version "6.0.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino Server
Search vendor "Ibm" for product "Lotus Domino Server"
6.5.1
Search vendor "Ibm" for product "Lotus Domino Server" and version "6.5.1"
-
Affected