CVE-2010-3899

IBM Omnifind - Resource Management Error

Title source: rule

Description

IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents.

Exploits (1)

exploitdb WORKING POC

by Fatih Kilic · phpdosmultiple

https://www.exploit-db.com/exploits/15476

View Code ZIP pw:eip

References (6)

[Exploit] http://www.exploit-db.com/exploits/15476

[Third Party Advisory, VDB Entry] http://www.osvdb.org/69078

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/2933

[Vendor Advisory] http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/514688/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/44740

Scores

EPSS 0.0884

EPSS Percentile 92.6%

Details

CWE

CWE-399

Status published

Products (2)

ibm/omnifind 8.0

ibm/omnifind 9.0

Published Nov 12, 2010

Tracked Since Feb 18, 2026