[Snort-sigs] Sourcefire VRT Advisory - 2005-04-07

Nigel Houghton nigel at ...435...
Thu Apr 7 08:21:04 EDT 2005


The Sourcefire VRT has learned of a serious vulnerability affecting IBM
Lotus Domino Server. Certain versions of IBM Lotus Domino Server are
vulnerable to a Denial of Service condition as reported by iDefense[0].
During our research, we have verified that Snort will generate events
from http_inspect based on the large URI request that is needed to
trigger the DoS condition.

The event will appear in Snort logs as:

 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]

[0] http://www.idefense.com/application/poi/display?id=224&type=vulnerabilities

+--------------------------------------------------------------------+
     Nigel Houghton      Research Engineer       Sourcefire Inc.
                   Vulnerability Research Team




More information about the Snort-sigs mailing list