Check Point Advisories

IBM Lotus Domino Web Service Denial of Service (CVE-2005-0986)

Vulnerability
Protection

Check Point Reference:	CPAI-2005-221
Date Published:	2 Dec 2009
Severity:	High
Last Updated:	Wednesday 02 December, 2009
Source:
Industry Reference:	CVE-2005-0986
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	IBM Lotus Domino server software provides messaging, calendar/scheduling and other collaborative applications. A vulnerability exists in IBM's Lotus Domino Web Server, in the HTTP server included with Lotus Domino, specifically in the way it handles Common Gateway Interface (CGI) requests. The flaw is triggered when a specially constructed HTTP GET request is sent to the server. This vulnerability can be exploited to terminate the Lotus Domino Web Server, creating a denial of service condition. A successful attack will result in an unexpected termination of the target process. The HTTP service will be unavailable as a result. If the affected product is being run on a Windows platform as a service, and has been setup to restart in case of recovery, the HTTP service will be restored after the termination.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the IBM Lotus Domino Web Service Denial of Service protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Web Server Enforcement Violation.
Attack Information: IBM Lotus Domino web service denial of service