| VID |
22082 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Web DataBlade modules for Informix SQL is vulnerable to a directory traversal vulnerability.
Informix is an enterprise database distributed and maintained by IBM. The Web DataBlade Module for Informix SQL is used to provide wbBinaries for storing large binary resources such as images, sounds, etc. The Web DataBlade modules allows an attacker to read arbitrary files on the remote system by sending a specially crafted request, like :
GET /ifx/?LO=../../../../file |
| Recommendation |
Upgrade to Web DataBlade modules for Informix SQL of 4.13 version
http://www-01.ibm.com/software/data/informix/downloads.html |
| Related URL |
CVE-2001-0924 (CVE) |
| Related URL |
3575 (SecurityFocus) |
| Related URL |
7585 (ISS) |
|
