Vendor: Informix Web Datablade Module
By: SecurityFocus
CVSS: 7.5 HIGH
Directory Traversal
CWE: 22
Product Name: Informix Web Datablade Module
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Informix Web Datablade Module Directory Traversal Vulnerability

The Web Datablade Module for Informix SQL is prone to a directory traversal vulnerability. A remote attacker who submits a specially crafted web request containing dot-dot-slash (../) sequences may be able to break out of wwwroot and browse arbitrary web-readable files on a vulnerable host. This issue is known to occur when large object caching is enabled, which sets cache_directory as a web driver variable. It occurs independently of the web server that is being used.

Mitigation:

Disable large object caching and ensure that web-readable files are not stored in web-accessible directories.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3575/info

Informix is an enterprise database distributed and maintained by IBM. The Web Datablade Module for Informix SQL is used to provide wbBinaries for storing large binary resources such as images, sounds, etc.

The Web Datablade Module for Informix SQL is prone to a directory traversal vulnerability. A remote attacker who submits a specially crafted web request containing dot-dot-slash (../) sequences may be able to break out of wwwroot and browse arbitrary web-readable files on a vulnerable host.

This issue is known to occur when large object caching is enabled, which sets cache_directory as a web driver variable. It occurs independently of the web server that is being used.

As a result, sensitive information disclosed in arbitrary web-readable files may be used by the remote attacker to make more concentrated attacks in an attempt to further compromise the host.

http://site.com/ifx/?LO=../../../file