Summary
This host has IBM DB2 installed and is prone to an information disclosure vulnerability.
Impact
Successful exploitation lets an attacker obtain sensitive information from the affected remote system.
Impact Level: Application/System
Solution
Apply the security update.
http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24022678
*****
NOTE: Ignore this warning if the patch is already applied.
*****
Insight
This flaw is due to the 'INNER JOIN' and 'OUTER JOIN' predicates, which allow remote attackers to execute arbitrary queries.
Affected
IBM DB2 Enterprise Server 9.1 before 9.1 FP7.
IBM DB2 Workgroup Server 9.1 before 9.1 FP7.
IBM DB2 Express Server 9.1 before 9.1 FP7.
IBM DB2 Personal Server 9.1 before 9.1 FP7.
IBM DB2 Connect Server 9.1 before 9.1 FP7.
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-1239
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N