Vulnerability Description
IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Net.Data | All versions |
References
- http://www.iss.net/security_center/static/11016.php
- http://www.securiteam.com/securitynews/5CP061F8VS.htmlVendor Advisory
- http://www.securitytracker.com/id?1005890
- http://www.iss.net/security_center/static/11016.php
- http://www.securiteam.com/securitynews/5CP061F8VS.htmlVendor Advisory
- http://www.securitytracker.com/id?1005890
FAQ
What is CVE-2003-1282?
CVE-2003-1282 is a vulnerability with a CVSS score of 5.0 (MEDIUM). IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE),...
How severe is CVE-2003-1282?
CVE-2003-1282 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1282?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Net.Data.