| Vulnerability Name: | CVE-2012-0712 (CCN-73496) | ||||||||||||
| Assigned: | 2012-03-16 | ||||||||||||
| Published: | 2012-03-16 | ||||||||||||
| Updated: | 2017-09-19 | ||||||||||||
| Summary: | The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression. | ||||||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
| ||||||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P) 3.5 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:H/RL:OF/RC:C)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:H/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-399 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2012-0712 Source: CCN Type: SA48279 IBM DB2 Multiple Vulnerabilities Source: CCN Type: SA49437 IBM DB2 Multiple Vulnerabilities Source: CCN Type: SA49474 IBM DB2 Multiple Vulnerabilities Source: AIXAPAR Type: UNKNOWN IC81379 Source: AIXAPAR Type: UNKNOWN IC81380 Source: AIXAPAR Type: UNKNOWN IC81837 Source: CCN Type: IBM Security Bulletin 1588098 Security Bulletin: Denial of Service Security Vulnerability in DB2s XML Feature. (CVE-2012-0712) Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21588098 Source: CCN Type: OSVDB ID: 79845 IBM DB2 XML Feature XMLPARSE Function Malformed String Handling Remote DoS Source: CCN Type: BID-52326 IBM DB2 Multiple Security Vulnerabilities Source: XF Type: UNKNOWN db2-xmlfeature-dos(73496) Source: XF Type: UNKNOWN db2-xmlfeature-dos(73496) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:14450 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||