IBM DB2 < 8.12.0 Multiple DoS (deprecated)

Medium Nessus Network Monitor Plugin ID 3652

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host is running the IBM DB2 database. This version of DB2 is vulnerable to multiple flaws in the way that it processes user-supplied data. A remote attacker may deny access to legitimate database users. It is believed that authentication is required prior to the exploitation of this bug.

Solution

Upgrade to version 8.12.0 or higher.

Plugin Details

Severity: Medium

ID: 3652

File Name: 3652.prm

Family: Database

Published: 2006/06/15

Modified: 2016/02/05

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.8

Temporal Score: 3.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS3#AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2006-3066

BID: 18428