1. CVE-Search
  2. CVE-2012-0712
ID CVE-2012-0712
Summary The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp6a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp6a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp7:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp7:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.5:fp8:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.5:fp8:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.8:fp3:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.8:fp3:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:9.8:fp4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:9.8:fp4:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 19-09-2017 - 01:34)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
oval via4
accepted 2013-07-29T04:00:10.161-04:00
class vulnerability
contributors
  • name Scott Quint
    organization DTCC
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment IBM DB2 UDB is installed
oval oval:org.mitre.oval:def:12505
description The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
family windows
id oval:org.mitre.oval:def:14450
status accepted
submitted 2012-03-26T11:21:44.000-05:00
title The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
version 7
refmap via4
aixapar
  • IC81379
  • IC81380
  • IC81837
confirm http://www-01.ibm.com/support/docview.wss?uid=swg21588098
xf db2-xmlfeature-dos(73496)
Last major update 19-09-2017 - 01:34
Published 20-03-2012 - 20:55
Last modified 19-09-2017 - 01:34
Back to Top