SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Web Server/CGI)  >   DB2 WWW Connection Vendors:   IBM
IBM's DB2 WWW Connection Gateway Reveals Physical Path of Files to Remote Users
SecurityTracker Alert ID:  1001340
SecurityTracker URL:  http://securitytracker.com/id/1001340
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Jul 13 2001
Original Entry Date:  Apr 18 2001
Impact:   Disclosure of system information


Description:   It was reported that IBM's DB2 WWW Connection gateway contains a vulnerability that reveals physical path data to remote users.

DB2 WWW Connection gateway is used to provide a web interface to IBM's DB2 database.

The author of the report notes that adding a "/" followed by any character(s) to a .d2w file will cause the server to reveal the physical path.

If there are no known d2w files, a remote user can add "/../a" to the "/db2www/" directory (as in: http://[targethost]/cgi-bin/db2www/../a) to obtain the physical path.
Impact:   A remote user can determine the physical path of certain files on the web server.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.ibm.com/software/data/db2/www/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:   Linux (Any), UNIX (Any), Windows (NT)

Message History:   None.

 Source Message Contents
Date:  Tue, 17 Apr 2001 13:38:38 -0400
Subject:  Advisory for db2www


 [ Advisory for db2www                             ]
 [ db2www is made by IBM. Site: http://www.ibm.com ]
 [ by nemesystm of the DHC                         ]
 [ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]

/-|=[explaination]=|-\
db2www is a program by IBM, to translate database's to html files. There
is a simple physical path revealing problem.

/-|=[testing it]=|-\
To test this vulnerability, try the following.
take a .d2w file you have on your server and append /anythinghere to it.
The physical path will be revealed.
here is an example.
http://www-4.ibm.com/cgi-bin/db2www/library/document.d2w, just append /a
to it.
http://www-4.ibm.com/cgi-bin/db2www/library/document.d2w/a
This will give you the physical path.
if you don't know any d2w files, then just try adding /../a to /db2www/
like so:
http://www-4.ibm.com/cgi-bin/db2www/../a
Again you get the physical path

/-|=[notes]=|-\
IBM hasn't been contacted yet.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC