IBM OmniFind Crawler Denial of Service Vulnerability

Credit: Fatih Kilic
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-399

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

* Crawler endless loop (CVE-2010-3899) The crawler has no recursion depth limit. A site with dynamic parameter manipulation can cause an endless loop. This loop will block the crawler thread and use permanent server resources. Too many blocks can lead to a denial of service. The same site will be indexed more times and the search results will display the same site many times. This can be abused for spamming the search results. Exploit to test the endless loop: /* loop.php */ <?php $numb = rand(); echo $numb.'<br><a href="loop.php?value='.$numb.'">click me</a>'; ?>


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021,


Back to Top