[Snort-users] Sourcefire VRT Advisory - 2005-04-07

Nigel Houghton nigel at ...1935...
Thu Apr 7 08:26:35 EDT 2005

The Sourcefire VRT has learned of a serious vulnerability affecting IBM
Lotus Domino Server. Certain versions of IBM Lotus Domino Server are
vulnerable to a Denial of Service condition as reported by iDefense[0].
During our research, we have verified that Snort will generate events
from http_inspect based on the large URI request that is needed to
trigger the DoS condition.

The event will appear in Snort logs as:

 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]

[0] http://www.idefense.com/application/poi/display?id=224&type=vulnerabilities

     Nigel Houghton      Research Engineer       Sourcefire Inc.
                   Vulnerability Research Team

More information about the Snort-users mailing list