Summary
This host is running IBM DB2 and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation will allow an attacker to cause the server to terminate abnormally, resulting in a denial of service.
Impact Level: Application
Solution
Apply the appropriate fix from the links below:
http://www-01.ibm.com/support/docview.wss?uid=swg21690787
http://www-01.ibm.com/support/docview.wss?uid=swg21692358
Insight
The flaws are due to:
- An error during the handling of a specially crafted ALTER TABLE statement on an identity column.
- An error when handling a specially crafted XML query, which can result in a consumption of CPU resources.
Affected
IBM DB2 versions 9.5 through FP10
IBM DB2 versions 9.7 through FP10
IBM DB2 versions 9.8 through FP5
IBM DB2 versions 10.1 through FP4
IBM DB2 versions 10.5 through FP4
Detection
Get the installed version of IBM DB2 with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2014-6209, CVE-2014-8901
- CVSS Base Score: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Related Vulnerabilities
- IBM DB2 Client Interfaces component Unspecified Vulnerabilities (Linux)
- Oracle Database Server Multiple Unspecified Vulnerabilities-02 Jan2014
- IBM DB2 SYSIBMADM Multiple Vulnerabilities (Sep10)
- PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
- MariaDB 'COM_CHANGE_USER' Command Insecure Salt Generation Security Bypass Vulnerability