{"vuid":"VU#197318","idnumber":"197318","name":"IBM Net.Data db2www CGI interpreter fails to properly validate requested macro filenames","keywords":["IBM","Net.Data","cross-site scripting","css","db2www CGI interpreter","DTWP001E","error message"],"overview":"IBM Net.Data fails to properly validate user input passed to the db2www CGI interpreter, which could allow an attacker to mount a cross-site scripting attack against a vulnerable system.","clean_desc":"IBM Net.Data is a scripting language used to create web applications. Net.Data macros are supplied to a CGI interpreter (db2www) that generates HTML output. The db2www CGI interpreter fails to properly validate requested macro filenames before returning at least one type of error message (DTWP001E). It is possible to use a cross-site scripting technique to inject malicious script (JavaScript, VBScript, etc.) or HTML into the error message by using a specially crafted macro filename.","impact":"A remote attacker could access sensitive information related to the vulnerable web page (cookies, form values, URI data). The attacker could also attempt to mislead the user into providing sensitive information such as login credentials.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"Disable Scripting To help defend against cross-site scripting attacks from the client's perspective, disable scripting in your web browser and HTML-enabled email client. Instructions for disabling scripting can be found in the CERT/CC Malicious Web Scripts FAQ.","sysaffected":"","thanks":"Thanks to Secunia for the information contained in their security advisory.","author":"This document was written by Damon Morda.","public":["http://www-3.ibm.com/software/data/net.data/","http://www.secunia.com/secunia_research/2004-1/","http://www.secunia.com/advisories/10709/","http://www-306.ibm.com/software/data/net.data/docs/pdf/db2mn.pdf","http://www.cert.org/archive/pdf/cross_site_scripting.pdf"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-01-28T19:14:13Z","publicdate":"2004-01-26T00:00:00Z","datefirstpublished":"2004-03-08T18:24:07Z","dateupdated":"2004-03-19T16:53:02Z","revision":22,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"7","cam_easeofexploitation":"2","cam_attackeraccessrequired":"20","cam_scorecurrent":"1.575","cam_scorecurrentwidelyknown":"1.96875","cam_scorecurrentwidelyknownexploited":"3.54375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.575,"vulnote":null}