Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0122

4 documents4 sources

Severity

5.0MEDIUM

EPSS

5.5%

top 9.79%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Http Server IBM Websphere Application Server

Timeline

PublishedMar 13

Latest updateApr 30

Description

Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/http_server1.3.12.2

▶NVDibm/websphere_application_server3.52

Patches

Patch: archives.neohapsis.com ↗Patch: www.securityfocus.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-r52p-5vj2-qhxc: Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1↗2022-04-30

▶

CVEList

CVE-2001-0122: Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1↗2002-03-09

▶

💥Exploits & PoCs

Exploit-DB

IBM HTTP Server 1.3 - AfpaCache/WebSphereNet.Data Denial of Service↗2001-01-08

▶