Lucene search

[email protected]NVD:CVE-2006-3860

HistoryAug 17, 2006 - 1:04 a.m.

CVE-2006-3860

2006-08-1701:04:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.017

Percentile

87.7%

JSON

IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) “SET DEBUG FILE” SQL command, and the (2) start_onpload and (3) dbexp functions.

Affected configurations

Nvd

Node

ibminformix_dynamic_database_serverMatch7.3

ibminformix_dynamic_database_serverMatch7.31_.xd8

ibminformix_dynamic_database_serverMatch9.4

ibminformix_dynamic_database_serverMatch9.40.tc5

ibminformix_dynamic_database_serverMatch9.40.uc1

ibminformix_dynamic_database_serverMatch9.40.uc2

ibminformix_dynamic_database_serverMatch9.40.uc3

ibminformix_dynamic_database_serverMatch9.40.uc5

ibminformix_dynamic_database_serverMatch9.40.xc7

ibminformix_dynamic_database_serverMatch10.0

ibminformix_dynamic_database_serverMatch10.0_xc3

VendorProductVersionCPE
ibminformix_dynamic_database_server7.3cpe:2.3:a:ibm:informix_dynamic_database_server:7.3:*:*:*:*:*:*:*
ibminformix_dynamic_database_server7.31_.xd8cpe:2.3:a:ibm:informix_dynamic_database_server:7.31_.xd8:*:*:*:*:*:*:*
ibminformix_dynamic_database_server9.4cpe:2.3:a:ibm:informix_dynamic_database_server:9.4:*:*:*:*:*:*:*
ibminformix_dynamic_database_server9.40.tc5cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc5:*:*:*:*:*:*:*
ibminformix_dynamic_database_server9.40.uc1cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc1:*:*:*:*:*:*:*
ibminformix_dynamic_database_server9.40.uc2cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc2:*:*:*:*:*:*:*
ibminformix_dynamic_database_server9.40.uc3cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc3:*:*:*:*:*:*:*
ibminformix_dynamic_database_server9.40.uc5cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc5:*:*:*:*:*:*:*
ibminformix_dynamic_database_server9.40.xc7cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.xc7:*:*:*:*:*:*:*
ibminformix_dynamic_database_server10.0cpe:2.3:a:ibm:informix_dynamic_database_server:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	informix_dynamic_database_server	7.3	cpe:2.3:a:ibm:informix_dynamic_database_server:7.3:::::::*
ibm	informix_dynamic_database_server	7.31_.xd8	cpe:2.3:a:ibm:informix_dynamic_database_server:7.31_.xd8:::::::*
ibm	informix_dynamic_database_server	9.4	cpe:2.3:a:ibm:informix_dynamic_database_server:9.4:::::::*
ibm	informix_dynamic_database_server	9.40.tc5	cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc5:::::::*
ibm	informix_dynamic_database_server	9.40.uc1	cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc1:::::::*
ibm	informix_dynamic_database_server	9.40.uc2	cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc2:::::::*
ibm	informix_dynamic_database_server	9.40.uc3	cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc3:::::::*
ibm	informix_dynamic_database_server	9.40.uc5	cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc5:::::::*
ibm	informix_dynamic_database_server	9.40.xc7	cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.xc7:::::::*
ibm	informix_dynamic_database_server	10.0	cpe:2.3:a:ibm:informix_dynamic_database_server:10.0:::::::*

Rows per page:

1-10 of 111

References

secunia.com/advisories/21301

securityreason.com/securityalert/1407

www-1.ibm.com/support/docview.wss?uid=swg21242921

www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf

www.osvdb.org/27686

www.securityfocus.com/archive/1/443133/100/0/threaded

www.securityfocus.com/archive/1/443185/100/0/threaded

www.securityfocus.com/bid/19264

www.vupen.com/english/advisories/2006/3077

exchange.xforce.ibmcloud.com/vulnerabilities/28121

exchange.xforce.ibmcloud.com/vulnerabilities/28124

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.017

Percentile

87.7%

JSON

Related for NVD:CVE-2006-3860

securityvulns1 cvelist1 cve1 checkpoint_advisories1 nessus1