Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Sourcefire VRT Advisory - 2005-04-07

From: Nigel Houghton <nigel () sourcefire com>
Date: Thu, 7 Apr 2005 10:06:31 -0500
The Sourcefire VRT has learned of a serious vulnerability affecting IBM
Lotus Domino Server. Certain versions of IBM Lotus Domino Server are
vulnerable to a Denial of Service condition as reported by iDefense[0].
During our research, we have verified that Snort will generate events
from http_inspect based on the large URI request that is needed to
trigger the DoS condition.

The event will appear in Snort logs as:

 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]

[0] http://www.idefense.com/application/poi/display?id=224&type=vulnerabilities

+--------------------------------------------------------------------+
     Nigel Houghton      Research Engineer       Sourcefire Inc.
                   Vulnerability Research Team


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: