Test ID: | 1.3.6.1.4.1.25623.1.0.802730 |
Category: | Databases |
Title: | IBM Db2 XML Feature DoS and CREATE VARIABLE Security Bypass Vulnerabilities |
Summary: | IBM Db2 is prone to denial of service and security bypass vulnerabilities. |
Description: |
Summary: IBM Db2 is prone to denial of service and security bypass vulnerabilities.

Vulnerability Insight: The flaws are due to:
- Improper checks on variables. An attacker could exploit this vulnerability using a specially crafted SQL statement to bypass table restrictions and obtain sensitive information.
- An error in the XML feature that allows remote authenticated users to cause a denial of service by calling the XMLPARSE function with a crafted string expression.

Vulnerability Impact: Successful exploitation allows remote users to cause denial of service, disclose sensitive information and bypass security restrictions.

Affected Software/OS: IBM DB2 version 9.5 before FP9 and IBM DB2 version 9.7 before FP5

Solution: See the referenced vendor advisory for a solution.

CVSS Score: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P |
Cross-Ref: |
BugTraq ID: 52326

Common Vulnerability Exposure (CVE) ID: CVE-2012-0712
AIX APAR: IC81379 http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379
AIX APAR: IC81380 http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380
AIX APAR: IC81837 http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14450
XForce ISS Database: db2-xmlfeature-dos(73496) https://exchange.xforce.ibmcloud.com/vulnerabilities/73496

Common Vulnerability Exposure (CVE) ID: CVE-2012-0709
AIX APAR: IC81387 http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387
AIX APAR: IC81390 http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390
AIX APAR: IC81836 http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004
XForce ISS Database: db2-createvariable-security-bypass(73493) https://exchange.xforce.ibmcloud.com/vulnerabilities/73493 |
Copyright | Copyright (C) 2012 Greenbone Networks GmbH |