CVE-2000-1110
IBM Net.Data - Physical Path Disclosure via d2w CGI Program
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2000-1110. PoCs published by Chad Kalmes.
AI-analyzed exploit summary The exploit demonstrates an information disclosure vulnerability in IBM Net.Data by crafting a URL that triggers an error message revealing the physical path of server files. The error message is generated when an invalid request is made to a known database via the CGI application.
Description
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.
Exploits (1)
The exploit demonstrates an information disclosure vulnerability in IBM Net.Data by crafting a URL that triggers an error message revealing the physical path of server files. The error message is generated when an invalid request is made to a known database via the CGI application.