Executive Summary

Information
Name : CVE-2011-4890
First vendor Publication : 2012-02-21
Vendor : Cve
Last vendor Modification : 2012-10-09

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Cvss Base Score : 4
Cvss Impact Score : 2.9
Cvss Exploit Score : 8
Attack Range : Network
Attack Complexity : Low
Authentication : Requires single instance

Detail

The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4890

CWE : Common Weakness Enumeration

id : CWE-20
Name : Improper Input Validation

CPE : Common Platform Enumeration

Type : Application
Count : 10

Snort® IPS/IDS

Date : 2014-01-10
Description : IBM solidDB SELECT statement denial of service attempt
RuleID : 23097 - Revision : 4 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date : 2012-02-03
Name : The remote database server is affected by a denial of service vulnerability.
File : soliddb_select_dos.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

AIXAPAR : http://www-01.ibm.com/support/docview.wss?uid=swg1IC79861
AIXAPAR : http://www-01.ibm.com/support/docview.wss?uid=swg1IC80675
BID : http://www.securityfocus.com/bid/51629
CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg27021052#if5
CONFIRM : http://www.ibm.com/support/docview.wss?uid=swg27021052
SECTRACK : http://www.securitytracker.com/id?1026555
SECUNIA : http://secunia.com/advisories/47654
XF : http://xforce.iss.net/xforce/xfdb/72651

Alert History

2014-02-17 11:06:34 : Multiple Updates
2014-01-19 21:28:16 : Multiple Updates
2013-05-10 23:12:10 : Multiple Updates