IBM solidDB 'SELECT' Statement 'WHERE' Condition Denial of Service Vulnerability
BID:52111
Info
IBM solidDB 'SELECT' Statement 'WHERE' Condition Denial of Service Vulnerability
| Bugtraq ID: | 52111 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2012-0200 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2012 12:00AM |
| Updated: | Feb 09 2012 12:00AM |
| Credit: | IBM |
| Vulnerable: |
IBM solidDB 6.5.0.8 Interim Fix 5 0 IBM solidDB 6.5.0.8 0 |
| Not Vulnerable: |
IBM solidDB 6.5 8 Interim Fix 6 |
Discussion
IBM solidDB 'SELECT' Statement 'WHERE' Condition Denial of Service Vulnerability
IBM solidDB is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
IBM solidDB versions prior to 6.5.0.8 Interim Fix 6 are vulnerable.
IBM solidDB is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
IBM solidDB versions prior to 6.5.0.8 Interim Fix 6 are vulnerable.
Exploit / POC
IBM solidDB 'SELECT' Statement 'WHERE' Condition Denial of Service Vulnerability
The following exploit is available:
SELECT * FROM a WHERE (b >0) AND (b IN (1,2))
The following exploit is available:
SELECT * FROM a WHERE (b >0) AND (b IN (1,2))
Solution / Fix
IBM solidDB 'SELECT' Statement 'WHERE' Condition Denial of Service Vulnerability
Solution:
Updates are available; please see the references for more information.
Solution:
Updates are available; please see the references for more information.
References
IBM solidDB 'SELECT' Statement 'WHERE' Condition Denial of Service Vulnerability
References:
References: