CVE-2012-2194: Path Traversal
First published: Wed Jul 25 2012(Updated: )
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Db2 | =9.1 | |
| IBM Db2 | =9.1.0.1 | |
| IBM Db2 | =9.1.0.2 | |
| IBM Db2 | =9.1.0.2-a | |
| IBM Db2 | =9.1.0.3 | |
| IBM Db2 | =9.1.0.3-a | |
| IBM Db2 | =9.1.0.4 | |
| IBM Db2 | =9.1.0.4-a | |
| IBM Db2 | =9.1.0.5 | |
| IBM Db2 | =9.1.0.6 | |
| IBM Db2 | =9.1.0.6-a | |
| IBM Db2 | =9.1.0.7 | |
| IBM Db2 | =9.1.0.7-a | |
| IBM Db2 | =9.1.0.8 | |
| IBM Db2 | =9.1.0.9 | |
| IBM Db2 | =9.1.0.10 | |
| IBM Db2 | =9.1.0.11 | |
| IBM Db2 | =9.5 | |
| IBM Db2 | =9.5.0.1 | |
| IBM Db2 | =9.5.0.2 | |
| IBM Db2 | =9.5.0.2-a | |
| IBM Db2 | =9.5.0.3 | |
| IBM Db2 | =9.5.0.3-a | |
| IBM Db2 | =9.5.0.3-b | |
| IBM Db2 | =9.5.0.4 | |
| IBM Db2 | =9.5.0.4-a | |
| IBM Db2 | =9.5.0.5 | |
| IBM Db2 | =9.5.0.6-a | |
| IBM Db2 | =9.5.0.7 | |
| IBM Db2 | =9.5.0.8 | |
| IBM Db2 | =9.5.0.9 | |
| IBM Db2 | =9.7 | |
| IBM Db2 | =9.7.0.1 | |
| IBM Db2 | =9.7.0.2 | |
| IBM Db2 | =9.7.0.3 | |
| IBM Db2 | =9.7.0.4 | |
| IBM Db2 | =9.7.0.5 | |
| IBM Db2 | =9.7.0.6 | |
| IBM Db2 | =9.8 | |
| IBM Db2 | =9.8.0.3 | |
| IBM Db2 | =9.8.0.4 | |
| IBM Db2 | =9.8.0.5 | |
| IBM Db2 | =10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/49919
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716
- http://www-01.ibm.com/support/docview.wss?uid=swg21600837
- http://www.securityfocus.com/bid/54487
Frequently Asked Questions
What is the severity of CVE-2012-2194?
CVE-2012-2194 has a severity rating that allows remote attackers to replace JAR files in affected versions of IBM DB2.
How do I fix CVE-2012-2194?
To fix CVE-2012-2194, you should update your IBM DB2 to the latest version or apply any available patches from IBM.
Which versions of IBM DB2 are affected by CVE-2012-2194?
CVE-2012-2194 affects IBM DB2 versions 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1.
Can CVE-2012-2194 be exploited remotely?
Yes, CVE-2012-2194 can be exploited remotely by attackers to manipulate JAR files without proper authorization.
What type of vulnerability is CVE-2012-2194?
CVE-2012-2194 is classified as a directory traversal vulnerability.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm db2
- version/ibm db2/9.1
- version/ibm db2/9.1.0.1
- version/ibm db2/9.1.0.2
- version/ibm db2/9.1.0.2-a
- version/ibm db2/9.1.0.3
- version/ibm db2/9.1.0.3-a
- version/ibm db2/9.1.0.4
- version/ibm db2/9.1.0.4-a
- version/ibm db2/9.1.0.5
- version/ibm db2/9.1.0.6
- version/ibm db2/9.1.0.6-a
- version/ibm db2/9.1.0.7
- version/ibm db2/9.1.0.7-a
- version/ibm db2/9.1.0.8
- version/ibm db2/9.1.0.9
- version/ibm db2/9.1.0.10
- version/ibm db2/9.1.0.11
- version/ibm db2/9.5
- version/ibm db2/9.5.0.1
- version/ibm db2/9.5.0.2
- version/ibm db2/9.5.0.2-a
- version/ibm db2/9.5.0.3
- version/ibm db2/9.5.0.3-a
- version/ibm db2/9.5.0.3-b
- version/ibm db2/9.5.0.4
- version/ibm db2/9.5.0.4-a
- version/ibm db2/9.5.0.5
- version/ibm db2/9.5.0.6-a
- version/ibm db2/9.5.0.7
- version/ibm db2/9.5.0.8
- version/ibm db2/9.5.0.9
- version/ibm db2/9.7
- version/ibm db2/9.7.0.1
- version/ibm db2/9.7.0.2
- version/ibm db2/9.7.0.3
- version/ibm db2/9.7.0.4
- version/ibm db2/9.7.0.5
- version/ibm db2/9.7.0.6
- version/ibm db2/9.8
- version/ibm db2/9.8.0.3
- version/ibm db2/9.8.0.4
- version/ibm db2/9.8.0.5
- version/ibm db2/10.1