Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0390 — IBM Websphere Application Server vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

7.2%

top 8.38%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Net.commerce IBM Net.commerce Hosting Server IBM Websphere Application Server

Timeline

PublishedJul 2

Latest updateApr 30

Description

IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDibm/websphere_application_server5.1.0.3

▶NVDibm/net.commerce5 versions+4

▶NVDibm/net.commerce_hosting_server3.1.1, 3.1.2+1

🔴Vulnerability Details

GHSA

GHSA-p6p2-rcmv-fx7v: IBM Websphere/NetCommerce3 3↗2022-04-30

▶

CVEList

CVE-2001-0390: IBM Websphere/NetCommerce3 3↗2001-05-24

▶

💥Exploits & PoCs

Exploit-DB

IBM Websphere/Net.Commerce 3 - CGI-BIN Macro Denial of Service↗2001-04-13

▶