Lucene search

[email protected]CVE-2010-3740

HistoryOct 05, 2010 - 6:00 p.m.

CVE-2010-3740

2010-10-0518:00:33

CWE-399

[email protected]

web.nvd.nist.gov

ibm

db2

udb

9.5

fuzzy search

denial of service

cve-2010-3740

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function.

Affected configurations

NVD

Node

ibmdb2Match9.5

ibmdb2Match9.5fp1

ibmdb2Match9.5fp2

ibmdb2Match9.5fp2a

ibmdb2Match9.5fp3

ibmdb2Match9.5fp3a

ibmdb2Match9.5fp3b

ibmdb2Match9.5fp4

ibmdb2Match9.5fp4a

ibmdb2Match9.5fp5

CPENameOperatorVersion
ibm:db2ibm db2eq9.5

CPE	Name	Operator	Version
ibm:db2	ibm db2	eq	9.5

References

ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

www-01.ibm.com/support/docview.wss?uid=swg1IC66613

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13811

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for CVE-2010-3740

cvelist1 prion1 nvd1 openvas2 nessus1