CVE-2010-3899 - Resource Management Errors vulnerability in IBM Omnifind 8.0/9.0

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, low complexity, ibm, CWE-399, exploit available

Summary

IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents.

Vulnerable Configurations

Part: Application
Description: Ibm
Count: 2

Common Weakness Enumeration (CWE)

Exploit-Db

description: IBM OmniFind Crawler Denial of Service Vulnerability. CVE-2010-3899. Dos exploits for multiple platform
file: exploits/multiple/dos/15476.php
id: EDB-ID:15476
last seen: 2016-02-01
modified: 2010-11-09
platform: multiple
port:
published: 2010-11-09
reporter: Fatih Kilic
source: https://www.exploit-db.com/download/15476/
title: IBM OmniFind Crawler Denial of Service Vulnerability
type: dos

Packetstorm

data source: https://packetstormsecurity.com/files/download/95687/ibmomnifind-xssescalate.txt
id: PACKETSTORM:95687
last seen: 2016-12-05
published: 2010-11-10
reporter: Fatih Kilic
source: https://packetstormsecurity.com/files/95687/IBM-OmniFind-Cross-Site-Scripting-Privilege-Escalation.html
title: IBM OmniFind Cross Site Scripting / Privilege Escalation

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:70181
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-70181
title: IBM OmniFind Crawler Denial of Service Vulnerability