CVE-2008-2240

IBM Lotus Domino - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16697

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/lotus/domino_http_accept_language.rb

View Code ZIP pw:eip

References (10)

[Vendor Advisory] http://secunia.com/advisories/30310

[Vendor Advisory] http://secunia.com/advisories/30332

[Patch] http://www-1.ibm.com/support/docview.wss?uid=swg21303057

[Third Party Advisory] http://www.attrition.org/pipermail/vim/2008-May/001988.html

[Third Party Advisory] http://www.attrition.org/pipermail/vim/2008-May/001989.html

[Patch] http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29310

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42552

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1020098

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1597

Scores

EPSS 0.8420

EPSS Percentile 99.3%

Details

CWE

CWE-119

Status published

Products (5)

ibm/lotus_domino 6.0

ibm/lotus_domino 6.5

ibm/lotus_domino 7.0

ibm/lotus_domino 8.0

ibm/lotus_domino 8.0.1

Published May 22, 2008

Tracked Since Feb 18, 2026