IBM Net.Data Information Disclosure

vendor:

Net.Data

by:

SecurityFocus

7.5

CVSS

HIGH

IBM Net.Data Information Disclosure

200

CWE

Product Name: Net.Data

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2017

IBM Net.Data Information Disclosure

IBM Net.Data is a scripting language used to create web applications, it supports a wide range of language environments and is compatible with most recognized databases. Net.Data contains a vulnerability which reveals server information. Requesting a specially crafted URL, by way of the CGI application, comprised of an invalid request and known database, will reveal the physical path of server files.

Mitigation:

Upgrade to the latest version of IBM Net.Data.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2017/info

IBM Net.Data is a scripting language used to create web applications, it supports a wide range of language environments and is compatible with most recognized databases.

Net.Data contains a vulnerability which reveals server information. Requesting a specially crafted URL, by way of the CGI application, comprised of an invalid request and known database, will reveal the physical path of server files.

Successful exploitation of this vulnerability could assist in further attacks against the victim host. 

http://target/cgi-bin/db2www/library/document.d2w/show

DTWP029E: Net.Data is unable to locate the HTML block SHOW in file /projects/www/netdata/macro/software/library/document.d2w.