ID CVE-2010-3899
Summary IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*
    cpe:2.3:a:ibm:omnifind:8.0:-:enterprise:*:*:*:*:*
  • cpe:2.3:a:ibm:omnifind:9.0:-:enterprise:*:*:*:*:*
    cpe:2.3:a:ibm:omnifind:9.0:-:enterprise:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-10-2018 - 20:06)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 44740
bugtraq 20101109 IBM OmniFind - several vulnerabilities
exploit-db 15476
misc http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
osvdb 69078
vupen ADV-2010-2933
Last major update 10-10-2018 - 20:06
Published 12-11-2010 - 22:00
Last modified 10-10-2018 - 20:06
Back to Top