Denial of Service Condition in Lotus Domino Web Server R5

Reported April 11, 2001, by Defcom Labs.




  • All releases of Lotus Domino Web Server R5 earlier than version 5.0.7 on all platforms


An HTTP header-activated Denial of Service (DoS) condition exists in Lotus Domino Web Server R5 versions earlier than 5.0.7. An attacker can repeatedly request the document root (/) with varying Accept header fields (accept: a, accept: aa, accept: aaa, and so on), which can cause the server to run out of physical memory. The server might continue to run but stop accepting new requests, or the server process can crash, requiring a server restart.
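A detection sketch for the request pattern described above, added here as an example and not taken from the advisory or from Lotus. It assumes Accept headers are captured somewhere (a reverse proxy or packet capture, since common access-log formats omit them) as `(client, path, accept)` records; the record layout, the threshold and the sample data are constructed for illustration.

```python
import re
from collections import defaultdict

# One media range: type/subtype (including */* and type/*), optional ;params.
# Simplification: commas inside quoted parameter values are not handled.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_MEDIA_RANGE = re.compile(rf"^\s*{_TOKEN}/{_TOKEN}\s*(?:;[^;]*)*$")


def is_valid_accept(value):
    """True if every comma-separated element looks like a media range."""
    parts = [p for p in value.split(",") if p.strip()]
    return bool(parts) and all(_MEDIA_RANGE.match(p) for p in parts)


def flag_accept_abuse(requests, path="/", threshold=3):
    """Return {client: count} for clients that sent at least `threshold`
    distinct malformed Accept values to `path`."""
    bad = defaultdict(set)
    for client, req_path, accept in requests:
        if req_path != path or accept is None:
            continue
        if not is_valid_accept(accept):
            bad[client].add(accept)
    return {c: len(v) for c, v in bad.items() if len(v) >= threshold}


# Constructed sample records (documentation-range addresses, not real traffic).
SAMPLE_REQUESTS = [
    ("192.0.2.10", "/", "a"),
    ("192.0.2.10", "/", "aa"),
    ("192.0.2.10", "/", "aaa"),
    ("192.0.2.10", "/", "aaaa"),
    ("198.51.100.7", "/", "text/html,application/xhtml+xml,*/*;q=0.8"),
    ("198.51.100.7", "/index.html", "image/png"),
    ("203.0.113.5", "/", "bogus"),  # one malformed value: below threshold
]

if __name__ == "__main__":
    for client, count in flag_accept_abuse(SAMPLE_REQUESTS).items():
        print(f"{client}: {count} distinct malformed Accept values to /")
```

Counting distinct malformed values per client, rather than any single malformed header, keeps a one-off broken client from being flagged.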




The vendor, Lotus Development Corporation, has acknowledged this vulnerability and has recommended that users upgrade to version 5.0.7. Users can obtain a copy of this upgrade from the Web site.



Discovered by Peter Gründl.
