CVE-2015-1883 - Buried Porcupine

Description

IBM DB2 9.7 through FP10 9.8 through FP5 10.1 before FP5 and 10.5 through FP5 on Linux UNIX and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21698308 http://www-01.ibm.com/support/docview.wss?uid=swg1IT08086 http://www-01.ibm.com/support/docview.wss?uid=swg1IT08085 http://www-01.ibm.com/support/docview.wss?uid=swg1IT08075 http://www-01.ibm.com/support/docview.wss?uid=swg1IT08080 http://www.securityfocus.com/bid/75946 http://www.securitytracker.com/id/1032881