CVE-2010-3899

Published: 12/11/2010 Updated: 10/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents.

Vulnerable Product

ibm omnifind 8.0

ibm omnifind 9.0

Exploits

* Crawler endless loop (CVE-2010-3899): The crawler has no recursion depth limit. A site with dynamic parameter manipulation can cause an endless loop. This loop will block the crawler thread and use permanent server resources. Too many blocks can lead to a denial of service. The same site will be indexed more times and the search results will dis ...
IBM OmniFind suffers from cross site scripting, cross site request forgery, buffer overflow, session fixation and privilege escalation vulnerabilities. Various other issues also exist ...