Vulnerability Name:

CCN-27101

Published:2006-06-13
Updated:2006-06-13
Summary:IBM DB2 Universal Database is vulnerable to a denial of service, caused by improper handling of SQL queries containing overly long IN clauses. A malicious database client could exploit this vulnerability to cause the database to crash.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: IBM Support & downloads
DB2 Universal Database Version 8 FixPak 12 (also known as Version 8.2 FixPak 5)

Source: CCN
Type: BID-18428
IBM DB2 Universal Database Multiple Denial of Service Vulnerabilities

Source: XF
Type: UNKNOWN
db2-sql-inclause-dos(27101)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:ibm:db2_universal_database:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.6c:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.7b:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.8a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1.9a:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:::x86:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:aix_5l:-:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10.0::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm db2 universal database 8.1.4
    ibm db2 universal database 8.1.5
    ibm db2 universal database 8.1.6
    ibm db2 universal database 8.1.6c
    ibm db2 universal database 8.1.7
    ibm db2 universal database 8.1.7b
    ibm db2 universal database 8.1.8
    ibm db2 universal database 8.1.8a
    ibm db2 universal database 8.1.9
    ibm db2 universal database 8.1.9a
    ibm db2 universal database 8.10
    ibm db2 universal database 8.2
    sun solaris
    ibm aix 4
    ibm aix 5l -
    sun solaris 10.0