IBM DB2 Information Disclosure Vulnerability (Win) Network Vulnerability

Summary

This host is installed with IBM DB2 and is prone to Information Disclosure Vulnerability.

Impact

Successful exploitation will let the attacker gain sensitive information of the affected remote system. Impact Level: Application

Solution

Apply the security update. http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24022678 ***** NOTE: Please, ignore the warning if Patch is already applied. *****

Insight

This flaw is due to the 'INNER JOIN' and 'OUTER JOIN' predicate which allows remote attackers to execute arbitrary queries.

Affected

IBM DB2 Enterprise Server 9.1 before 9.1 FP7. IBM DB2 Workgroup Server 9.1 before 9.1 FP7. IBM DB2 Express Server 9.1 before 9.1 FP7. IBM DB2 Personal Server 9.1 before 9.1 FP7. IBM DB2 Connect Server 9.1 before 9.1 FP7.

References

http://www.vupen.com/english/advisories/2009/0912
http://xforce.iss.net/xforce/xfdb/49864

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-1239

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tiles Multiple XSS Vulnerability
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
Apache Rave User Information Disclosure Vulnerability
Afian 'includer.php' Directory Traversal Vulnerability
Apache Struts2 showcase namespace XSS Vulnerability

Take action and discover your vulnerabilities