CVE-2010-3899

IBM OmniFind Enterprise Edition 8.x and 9.x - Denial of Service via Unlimited Web Crawl Recursion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3899. PoCs published by Fatih Kilic.

AI-analyzed exploit summary: This exploit demonstrates a denial of service vulnerability in a crawler due to lack of recursion depth limit. The provided PHP script generates dynamic links that cause the crawler to enter an endless loop, consuming server resources.

Description

IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents.

Exploits (1)

exploitdb · WORKING POC
by Fatih Kilic · php · dos · multiple
https://www.exploit-db.com/exploits/15476

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Unspecified crawler software (affected by CVE-2010-3899)
No auth needed
Prerequisites: A vulnerable crawler with no recursion depth limit · Ability to host a PHP script accessible to the crawler
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/69078
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15476
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514688/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44740
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2933

Scores

EPSS 0.0315
EPSS Percentile 86.3%

Details

CWE CWE-399
Status published
Products (2)
ibm/omnifind 8.0
ibm/omnifind 9.0
Published Nov 12, 2010
Tracked Since Feb 18, 2026