db2www
------

CVE Number: 
CAN-2000-0677

Details:
The db2www cgi script was found on the system. Older versions of this file
contain a flaw via a buffer overflow that allows for remote command execution.
Also some versions will reveal path information.

Fix:
IBM has released patches for all affected versions of the software. It is
recommended that the latest patches be applied.

Related URLs:
ftp://ftp.software.ibm.com/software/net.data/fixes/
http://www.securityfocus.com/archive/1/80989
http://archives.neohapsis.com/archives/bugtraq/2000-11/0384.html

$Id: db2www,v 1.2 2001/01/04 18:34:32 loveless Exp $
