source: https://www.securityfocus.com/bid/2166/info

Informix Webdriver, the web-to-DB interface used by Informix database products, may permit unauthorized remote access to the system's administration functions.

Under very specific circumstances, if webdriver is called directly, without any additional parameters included in the URL submitted to the server, the response will take the form of a remote administration page, which can permit a malicious non-local user to modify or delete database information.

John Wright <john@dryfish.org> notes that this vulnerability will only be exploitable under a particular misconfiguration, and that by default the above-described URL will result only in a "404 Asset not found", etc., and not in the display of a remote administration page.

http://example.com/cgi-bin/webdriver
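
For defenders, the condition described above can be looked for in web server access logs. The following is an added example, not part of the original advisory. It assumes Common/Combined Log Format, the CGI path from the URL above, and that "no additional parameters" means no query string and no extra path info; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Path taken from the example URL in the advisory; adjust if the CGI is mapped elsewhere.
WEBDRIVER_PATH = "/cgi-bin/webdriver"

# Common/Combined Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def is_bare_webdriver_call(target):
    """True when the target names the webdriver CGI with no query string or path info."""
    path, _, query = target.partition("?")
    path = re.sub(r"/{2,}", "/", unquote(path)).rstrip("/").lower()
    return path == WEBDRIVER_PATH and not query

def triage(lines):
    """Return (host, time, status, verdict) for every bare webdriver request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_bare_webdriver_call(m["target"]):
            continue
        status = int(m["status"])
        if status == 404:
            verdict = "default behaviour (not found)"
        elif 200 <= status < 300:
            verdict = "REVIEW: page served to bare call"
        else:
            verdict = "other response"
        findings.append((m["host"], m["time"], status, verdict))
    return findings

# Constructed sample log lines (documentation addresses), not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2001:10:01:00 +0000] "GET /cgi-bin/webdriver?page=catalog HTTP/1.0" 200 5120',
    '198.51.100.7 - - [12/Jan/2001:10:02:13 +0000] "GET /cgi-bin/webdriver HTTP/1.0" 404 310',
    '203.0.113.5 - - [12/Jan/2001:10:05:44 +0000] "GET /cgi-bin/webdriver HTTP/1.0" 200 8842',
    '203.0.113.5 - - [12/Jan/2001:10:06:02 +0000] "GET /cgi-bin//webdriver/ HTTP/1.0" 200 8842',
    '192.0.2.10 - - [12/Jan/2001:10:07:30 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for host, when, status, verdict in triage(SAMPLE_LOG):
        print(f"{when}  {host}  {status}  {verdict}")
```

A 2xx response to a bare call is the case worth reviewing, since the advisory states that a default configuration answers it with a 404.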