vendor:
Informix Dynamic Server
by:
Independent security researcher
9.8
CVSS
CRITICAL
Unauthentication static PHP code injection, Heap buffer overflow, Remote DLL Injection
94, 122, 798
CWE
Product Name: Informix Dynamic Server
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2016-2183, CVE-2017-1092
CPE: a:ibm:informix_dynamic_server
Metasploit:
https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/ubuntu-usn-3087-2/, https://www.rapid7.com/db/vulnerabilities/redhat-openshift-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/pulse-secure-pulse-connect-secure-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp3-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/red_hat-jboss_eap-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/cisco-xe-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/cisco-anyconnect-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp2-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/cisco-asa-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/aix-7.2-openssl_advisory21_cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp1-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/ibm-was-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/aix-7.1-openssl_advisory21_cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/ibm-aix-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2016-2183/, https://www.rapid7.com/db/vulnerabilities/ibm-java-cve-2016-2183/, https://www.rapid7.com/db/?q=CVE-2016-2183&type=&page=2, https://www.rapid7.com/db/?q=CVE-2016-2183&type=&page=2
Platforms Tested: Windows
2017
Vulnerabilities in Informix Dynamic Server and Informix Open Admin Tool
The vulnerabilities in Informix Dynamic Server and Informix Open Admin Tool allow for unauthenticated static PHP code injection, heap buffer overflow, and remote DLL injection, leading to remote code execution.
Mitigation:
IBM has released patches to address these vulnerabilities. Users should apply the latest patches as soon as possible.
