IBM Net.Data Local Path Disclosure Vulnerability?

Not sure if this is exactly a new issue or not, but IBM's Net.Data package often used in conjuction with NetCommerce3 and db2www will disclose the local path of server files if fed improper requests. This software is in use on a variety of sites, including several online-shopping locales. Example...

Небольшая проблема в IBM Net.Data (path retrieval)

Можно мполучить информацию о физическом расположении файлов...

IBM Net.Data 7.0 - Full Path Disclosure

source: https://www.securityfocus.com/bid/2017/info IBM Net.Data is a scripting language used to create web applications, it supports a wide range of language environments and is compatible with most recognized databases. Net.Data contains a vulnerability which reveals server information...

CVE-2000-0677

Buffer overflow in IBM Net.Data db2www CGI (PATH_INFO) allows remote code execution. Affected: IBM Net.Data db2www CGI; Root cause: stack overflow triggered by a long PATH_INFO environmental variable. Impact: remote attacker could execute arbitrary code with web server privileges (high risk; CVSS...

CVE-2000-0677

Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATHINFO environmental variable...

ISSalert: Internet Security Systems Security Advisory: Buffer Overflow in IBM Net.Data db2www CGI program

TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to [email protected] Contact [email protected] for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security...