NVD Vulnerability Detail

CVE-2013-5466

Summary	The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors.
Publication Date	Dec. 19, 2013, 1:04 a.m.
Registration Date	Jan. 26, 2021, 3:45 p.m.
Last Update	Nov. 21, 2024, 10:57 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:db2:9.5:::::::*
cpe:2.3:a:ibm:db2_connect:10.5:::::::*
cpe:2.3:a:ibm:db2:10.1:::::::*
cpe:2.3:a:ibm:db2_purescale_feature_9.8:-:-:-::-:db2_enterprise_edition::*
cpe:2.3:a:ibm:db2_connect:9.5:::::::*
cpe:2.3:a:ibm:db2_connect:10.1:::::::*
cpe:2.3:a:ibm:db2:9.7:::::::*
cpe:2.3:a:ibm:db2_connect:9.7:::::::*
cpe:2.3:a:ibm:db2:10.5:::::::*
cpe:2.3:a:ibm:db2:9.8:::::::*
cpe:2.3:a:ibm:db2_connect:9.8:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/64334
2	http://www.securityfocus.com/bid/64334
3	http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402
4	http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402
5	http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470
6	http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470
7	http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471
8	http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471
9	http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472
10	http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472
11	http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763
12	http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763
13	http://www-01.ibm.com/support/docview.wss?uid=swg21660046	Vendor Advisory
14	http://www-01.ibm.com/support/docview.wss?uid=swg21660046	Vendor Advisory
15	https://exchange.xforce.ibmcloud.com/vulnerabilities/88365
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/88365

Common Vulnerabilities List

JVN Vulnerability Information

IBM DB2 および DB2 Connect の XSLT ライブラリにおけるサービス運用妨害 (DoS) の脆弱性

Title	IBM DB2 および DB2 Connect の XSLT ライブラリにおけるサービス運用妨害 (DoS) の脆弱性
Summary	IBM DB2、DB2 Connect、および DB2 pureScale Feature for Enterprise Server Edition の XSLT ライブラリには、サービス運用妨害 (DoS) 状態にされる脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 13, 2013, midnight
Registration Date	Dec. 20, 2013, 4:59 p.m.
Last Update	Dec. 20, 2013, 4:59 p.m.

Affected System

IBM

IBM DB2 9.5 から 10.5

IBM DB2 Connect 9.5 から 10.5

IBM DB2 pureScale Feature for Enterprise Server Edition 9.8

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-5466	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5466
National Vulnerability Database (NVD)
2	CVE-2013-5466	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5466

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
IBM Support Document
1	1660046	http://www-01.ibm.com/support/docview.wss?uid=swg21660046
2	IC97470	http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470

Change Log

No	Changed Details	Date of change
0	[2013年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:db2:9.5:::::::*
cpe:2.3:a:ibm:db2_connect:10.5:::::::*
cpe:2.3:a:ibm:db2:10.1:::::::*
cpe:2.3:a:ibm:db2_purescale_feature_9.8:-:-:-::-:db2_enterprise_edition::*
cpe:2.3:a:ibm:db2_connect:9.5:::::::*
cpe:2.3:a:ibm:db2_connect:10.1:::::::*
cpe:2.3:a:ibm:db2:9.7:::::::*
cpe:2.3:a:ibm:db2_connect:9.7:::::::*
cpe:2.3:a:ibm:db2:10.5:::::::*
cpe:2.3:a:ibm:db2:9.8:::::::*
cpe:2.3:a:ibm:db2_connect:9.8:::::::*