Executive Summary

Informations
Name CVE-2008-2240 First vendor Publication 2008-05-22
Vendor Cve Last vendor Modification 2017-08-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2240

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5

Open Source Vulnerability Database (OSVDB)

Id Description
45415 IBM Lotus Domino Web Server Accept-Language HTTP Header Remote Overflow

A remote overflow exists in IBM Lotus Domino server. The Web Server component fails to check string lengths in the Accept-Language header resulting in a stack overflow. With a specially crafted request, an attacker can execute code remotely resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2014-01-10 Lotus Domino HTTP header overflow attempt
RuleID : 13924 - Revision : 8 - Type : EXPLOIT
2014-01-10 IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt
RuleID : 13819 - Revision : 18 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2008-05-23 Name : The remote web server is affected by multiple vulnerabilities.
File : domino_7_0_3fp1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/29310
CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg21303057
MISC http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-lang...
SECTRACK http://www.securitytracker.com/id?1020098
SECUNIA http://secunia.com/advisories/30310
http://secunia.com/advisories/30332
VIM http://www.attrition.org/pipermail/vim/2008-May/001988.html
http://www.attrition.org/pipermail/vim/2008-May/001989.html
VUPEN http://www.vupen.com/english/advisories/2008/1597
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/42552

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2021-05-04 12:07:30
  • Multiple Updates
2021-04-22 01:07:54
  • Multiple Updates
2020-05-23 13:16:50
  • Multiple Updates
2020-05-23 00:21:41
  • Multiple Updates
2017-08-08 09:24:06
  • Multiple Updates
2016-04-26 17:24:10
  • Multiple Updates
2014-02-17 10:44:57
  • Multiple Updates
2014-01-19 21:24:59
  • Multiple Updates
2013-05-11 00:17:05
  • Multiple Updates