Security Bulletin: Denial of Service Security Vulnerability in DB2’s XML Feature. (CVE-2012-0712)

Abstract Vulnerability in IBM DB2’s XML Feature could allow a remote attacker to cause the database server to crash. Content VULNERABILITY DETAILS CVE ID: CVE-2012-0712 DESCRIPTION: The IBM DB2 products listed below contain a security vulnerability in DB2’s XML Feature which could allow a malicio...

IBM DB2 9.7 < Fix Pack 6 Multiple Vulnerabilities

According to its version, the installation of DB2 9.7 running on the remote host is prior to Fix Pack 6. It is, therefore, affected by multiple vulnerabilities : - A local user can exploit a vulnerability in the bundled IBM Tivoli Monitoring Agent ITMA to escalate their privileges. CVE-2011-4061 ...

IBM DB2 XML Feature DoS and CREATE VARIABLE Security Bypass Vulnerabilities

The host is running IBM DB2 and is prone to denial of service and security bypass vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmdb2xmldosncreatevarsecbypassvuln.nasl 5999 2017-04-21 09:02:32Z teissa $ IBM DB2 XML Feature DoS and CREATE VARIABLE Security Bypass Vulnerabilities Authors:...

CVE-2012-0712

CVE-2012-0712 affects IBM DB2 XML Feature in DB2 9.5 (before FP9), 9.7 (through FP5), and 9.8 (through FP4). The flaw allows a remote authenticated user to cause a denial of service (infinite loop) by invoking XMLPARSE with a crafted string expression. IBM’s bulletin notes the vulnerability requi...