CVE-2001-0390

IBM Net.Commerce 3.1.2 - Denial of Service via Macro.d2w Macro

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0390. PoCs published by ET LoWNOISE.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in IBM Net.Commerce by sending a long string of '%0a' characters to the macro.d2w CGI script, causing the Websphere server to crash.

Description

IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ET LoWNOISE · textdoscgi

https://www.exploit-db.com/exploits/20753

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service (DoS) vulnerability in IBM Net.Commerce by sending a long string of '%0a' characters to the macro.d2w CGI script, causing the Websphere server to crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: IBM Net.Commerce (part of Websphere)

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/176100

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2588

Scores

EPSS 0.0509

EPSS Percentile 91.3%

Details

Status published

Products (8)

ibm/net.commerce 2.0

ibm/net.commerce 3.0

ibm/net.commerce 3.1

ibm/net.commerce 3.1.1

ibm/net.commerce 3.1.2

ibm/net.commerce_hosting_server 3.1.1

ibm/net.commerce_hosting_server 3.1.2

ibm/websphere_application_server 5.1.0.3

Published Jul 02, 2001

Tracked Since Feb 18, 2026