Snort mailing list archives
Sourcefire VRT Advisory - 2005-04-07
From: Nigel Houghton <nigel () sourcefire com>
Date: Thu, 7 Apr 2005 10:06:31 -0500
The Sourcefire VRT has learned of a serious vulnerability affecting IBM Lotus Domino Server. Certain versions of IBM Lotus Domino Server are vulnerable to a Denial of Service condition as reported by iDefense[0]. During our research, we have verified that Snort will generate events from http_inspect based on the large URI request that is needed to trigger the DoS condition. The event will appear in Snort logs as: [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [0] http://www.idefense.com/application/poi/display?id=224&type=vulnerabilities +--------------------------------------------------------------------+ Nigel Houghton Research Engineer Sourcefire Inc. Vulnerability Research Team ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Sourcefire VRT Advisory - 2005-04-07 Nigel Houghton (Apr 07)