Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3899

CWE-399 | 4 documents | 4 sources
Severity: 5.0 MEDIUM
EPSS: 8.8% (top 7.46%)
CISA KEV: Not in KEV
Exploit: PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Nov 12
Latest update: May 14

Description

IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: ibm/omnifind 8.0, 9.0 +1

🔴 Vulnerability Details (2)

GHSA: GHSA-jxjv-4m8c-326g: IBM OmniFind Enterprise Edition 8 (2022-05-14)
CVEList: CVE-2010-3899: IBM OmniFind Enterprise Edition 8 (2010-11-12)

💥 Exploits & PoCs (1)

Exploit-DB: IBM OmniFind Crawler - Denial of Service (2010-11-09)
CVE-2010-3899 (MEDIUM CVSS 5) | IBM OmniFind Enterprise Edition 8.x | cvebase.io