Vulnerability Name:

CVE-2008-3960 (CCN-44984)

Assigned:2008-09-04
Published:2008-09-04
Updated:2017-08-08
Summary:Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: CONFIRM
Type: UNKNOWN
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT

Source: MITRE
Type: CNA
CVE-2008-3960

Source: OSVDB
Type: UNKNOWN
48148

Source: CCN
Type: SA31787
IBM DB2 Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
31787

Source: CCN
Type: SECTRACK ID: 1020826
IBM DB2 JDBC Applet Server Bug Let Remote Users Deny Service

Source: CCN
Type: IBM APAR JR29274
SECURITY: MALICIOUS PACKETS SENT TO DB2JDS CAUSES CRASH.

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21318189

Source: AIXAPAR
Type: UNKNOWN
JR29274

Source: CCN
Type: OSVDB ID: 48148
IBM DB2 Universal Database JDBC Applet Server Service (db2jds) Unspecified Remote DoS

Source: BID
Type: UNKNOWN
31058

Source: CCN
Type: BID-31058
IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1020826

Source: XF
Type: UNKNOWN
db2-db2jds-dos(44984)

Source: XF
Type: UNKNOWN
db2-db2jds-dos(44984)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:db2_universal_database:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp1:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp10:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp11:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp12:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp13:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp14:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp15:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:*:fp16:*:*:*:*:*:* (Version <= 8.2)
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp2:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp3:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp4:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp5:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp6:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp7:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp8:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp9:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:db2_universal_database:8.2:fp15:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp1:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp2:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp3:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp4:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp5:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp6:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp8:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp9:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp10:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp11:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp12:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp13:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp14:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp7:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp16:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm db2 universal database 8.2
    ibm db2 universal database 8.2 fp1
    ibm db2 universal database 8.2 fp10
    ibm db2 universal database 8.2 fp11
    ibm db2 universal database 8.2 fp12
    ibm db2 universal database 8.2 fp13
    ibm db2 universal database 8.2 fp14
    ibm db2 universal database 8.2 fp15
    ibm db2 universal database * fp16
    ibm db2 universal database 8.2 fp2
    ibm db2 universal database 8.2 fp3
    ibm db2 universal database 8.2 fp4
    ibm db2 universal database 8.2 fp5
    ibm db2 universal database 8.2 fp6
    ibm db2 universal database 8.2 fp7
    ibm db2 universal database 8.2 fp8
    ibm db2 universal database 8.2 fp9
    ibm db2 universal database 8.2 fp15
    ibm db2 universal database 8.2
    ibm db2 universal database 8.2 fp1
    ibm db2 universal database 8.2 fp2
    ibm db2 universal database 8.2 fp3
    ibm db2 universal database 8.2 fp4
    ibm db2 universal database 8.2 fp5
    ibm db2 universal database 8.2 fp6
    ibm db2 universal database 8.2 fp8
    ibm db2 universal database 8.2 fp9
    ibm db2 universal database 8.2 fp10
    ibm db2 universal database 8.2 fp11
    ibm db2 universal database 8.2 fp12
    ibm db2 universal database 8.2 fp13
    ibm db2 universal database 8.2 fp14
    ibm db2 universal database 8.2 fp7
    ibm db2 universal database 8.2 fp16