Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0848 — Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Websphere Application Server

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

4.6%

top 10.79%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Websphere Application Server

Timeline

PublishedNov 14

Latest updateApr 30

Description

Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/websphere_application_server3.0.2

Patches

Patch: archives.neohapsis.com ↗Patch: www.securityfocus.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-46w5-pg92-gjg9: Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header↗2022-04-30

▶

CVEList

CVE-2000-0848: Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header↗2001-01-22

▶

💥Exploits & PoCs

Exploit-DB

IBM Websphere Application Server 3.0.2 Server Plugin - Denial of Service↗2000-09-15

▶