Summary
This host is running IBM DB2 and is
prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation will allow attacker
to cause the server to terminate abnormally and cause a denial of service.
Impact Level: Application
Solution
Apply the appropriate fix from below links,
http://www-01.ibm.com/support/docview.wss?uid=swg21690787 http://www-01.ibm.com/support/docview.wss?uid=swg21692358
Insight
The flaws are due to
- An error during the handling of a specially crafted ALTER TABLE statement on an identity column.
- An error when handling a specially crafted XML query, which can result in a consumption of CPU resources.
Affected
IBM DB2 versions 9.5 through FP10
IBM DB2 versions 9.7 through FP10
IBM DB2 versions 9.8 through FP5
IBM DB2 versions 10.1 through FP4
IBM DB2 versions 10.5 through FP4
Detection
Get the installed version of IBM DB2
with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-6209, CVE-2014-8901 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P
Related Vulnerabilities
- Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
- Oracle MySQL Multiple Unspecified vulnerabilities - 04 May14 (Windows)
- Oracle MySQL Multiple Unspecified vulnerabilities-01 July14 (Windows)
- IBM DB2 DML Statement Execution Remote Privilege Escalation Vulnerability
- IBM DB2 db2pd Denial Of Service Vulnerability (Linux)