IBM Lotus Domino Web Server "Accept Language" HTTP header vulnerability - HeapOverflow Computer Security Community & Forums : Heap Overflow.com

HeapOverflow Computer Security Community & Forums : Heap Overflow.com

		HeapOverflow Computer Security Community & Forums : Heap Overflow.com > Computer Security: Discussions > Security discussions
IBM Lotus Domino Web Server "Accept Language" HTTP header vulnerability

Mark Forums Read

Notices

Welcome to you visitor! This community is mainly dedicated to the computer and security, if you're looking for DFind scanner or others exploits codes you will find them into the Projects section, feel free to start Blogging and remember to always keep an eye and start talking about security Advisories & public Exploits.

Security discussions Discuss about the computer security in general

IBM Lotus Domino Web Server "Accept Language" HTTP header vulnerability

This is a discussion on "IBM Lotus Domino Web Server "Accept Language" HTTP header vulnerability" within the Security discussions part of the Computer Security: Discussions section; Did anybody analyse the "Accept-Language" HTTP header buffer overflow vulnerability in IBM Lotus Domino web server? This is important : " It should be noted that to access the code path containing the vulnerable function specially crafted characters ...

Reply

#1 (permalink)

Old

25-05-08

haluznik is offline

Junior Member

Join Date: Jul 2006

Posts: 4

Thanks: 2

Thanked 1 Time in 1 Post

Rep Power: 5

haluznik is on a distinguished road

Default

IBM Lotus Domino Web Server "Accept Language" HTTP header vulnerability

Did anybody analyse the "Accept-Language" HTTP header buffer overflow vulnerability in IBM Lotus Domino web server? This is important : " It should be noted that to access the code path containing the vulnerable function specially crafted characters must be included within the URL being requested. ( from Mwr infosecurity advisory )"

Last edited by haluznik; 25-05-08 at 20:48.

Reply With Quote

Sponsor

Advertiser

#2 (permalink)

Old

17-09-08

Dr.Retz is offline

Junior Member

Join Date: Sep 2008

Posts: 2

Thanks: 0

Thanked 0 Times in 0 Posts

Rep Power: 3

Dr.Retz is on a distinguished road

Unhappy

Re: IBM Lotus Domino Web Server "Accept Language" HTTP header vulnerability

Hi

I am testing it on version 8. Below is my special crafted characters in url request but it doesn't crash the sever.

print $sock "GET /helpÖØ§<>( HTTP/1.1\r\n";

Anything missing?

Reply With Quote

Sponsor

Advertiser

Reply

Tags
buffer overflow, lotus domino

« You can't always get what you want…I just want some protection. | setuid failure exploit »

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
CVE-2008-2410 (Lotus Domino Web Server)	Heap	Advisories	0	22-05-08 21:27
CVE-2007-4474 (Lotus Domino Web Access)	Heap	Advisories	0	28-12-07 01:09
IBM Lotus Domino 7.0.2FP1 IMAP4 Server LSUB Command Exploit	Heap	Public	0	28-10-07 13:28

heapoverflow.com - SEOmeter SEO tools

Locations of visitors to this page

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112