IBM OmniFind Crawler Denial of Service Vulnerability

2010.11.15
Credit: Fatih Kilic
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-399


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

* Crawler endless loop (CVE-2010-3899)

The crawler has no recursion depth limit. A site that manipulates a URL parameter dynamically can cause an endless loop. This loop blocks the crawler thread and permanently consumes server resources. Too many such blocked threads can lead to a denial of service. The same site is also indexed multiple times, so the search results display the same site many times. This can be abused for spamming the search results.

Exploit to test the endless loop:

    /* loop.php */
    <?php
    $numb = rand();
    echo $numb.'<br><a href="loop.php?value='.$numb.'">click me</a>';
    ?>
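The missing safeguard, sketched as an added example (not IBM's code and not part of the original advisory): a crawl frontier that enforces a depth limit and a cap on query-string variants per path, run against a constructed in-memory stand-in for loop.php. The host site.example, the helper fetch_links and the limit values are assumptions made for illustration.

```python
from collections import deque
from itertools import count
from urllib.parse import urljoin, urlsplit

_counter = count(1)  # deterministic stand-in for rand() in loop.php

def fetch_links(url):
    """Constructed fake site: loop.php always links to itself with a fresh value."""
    path = urlsplit(url).path
    if path == "/loop.php":
        return [f"loop.php?value={next(_counter)}"]
    if path == "/":
        return ["about.html", "loop.php"]
    return []

def crawl(start, max_depth=None, max_variants=None, page_budget=500):
    """Breadth-first crawl; returns (pages_fetched, stopped_by_budget)."""
    queue = deque([(start, 0)])
    seen = {start}
    variants = {}  # URL without query -> distinct query variants queued
    fetched = 0
    while queue:
        if fetched >= page_budget:
            return fetched, True  # only the hard budget ended the crawl
        url, depth = queue.popleft()
        fetched += 1
        for href in fetch_links(url):
            link = urljoin(url, href)
            if link in seen:
                continue
            # Guard 1: recursion depth limit.
            if max_depth is not None and depth + 1 > max_depth:
                continue
            # Guard 2: cap how many query-string variants of one path are queued.
            key = urlsplit(link)._replace(query="", fragment="").geturl()
            if max_variants is not None and variants.get(key, 0) >= max_variants:
                continue
            variants[key] = variants.get(key, 0) + 1
            seen.add(link)
            queue.append((link, depth + 1))
    return fetched, False

if __name__ == "__main__":
    print("no limits:     ", crawl("http://site.example/"))
    print("max_depth=5:   ", crawl("http://site.example/", max_depth=5))
    print("max_variants=3:", crawl("http://site.example/", max_variants=3))
```

Without either guard the crawl ends only when the page budget is exhausted; with a guard it terminates on its own after a handful of fetches.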

References:

http://www.vupen.com/english/advisories/2010/2933
http://www.securityfocus.com/bid/44740
http://www.securityfocus.com/archive/1/archive/1/514688/100/0/threaded
http://www.osvdb.org/69078
http://www.exploit-db.com/exploits/15476
http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt

