QwikSec

Security Database

CVE

CWE

Training

CVE-2016-10577

Published: May 29, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Vendor	Product	Versions
HackerOne	ibm_db node module	affected `<1.0.2`

Weaknesses (CWE)

References

https://github.com/ibmdb/node-ibm_db/commit/d7e2d4b4cbeb6f067df8bba7d0b2ac5d40fcfc19#diff-315091eb1586966006e05ebc21cd2a94

x_refsource_MISC

https://nodesecurity.io/advisories/163

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.