CVE-2013-5466 - OpenCVE

The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Db2 Db2 Connect Db2 Purescale Feature 9.8

Configuration 1 [-]

OR	cpe:2.3:a:ibm:db2:9.5:::::::*
	cpe:2.3:a:ibm:db2:9.7:::::::*
	cpe:2.3:a:ibm:db2:9.8:::::::*
	cpe:2.3:a:ibm:db2:10.1:::::::*
	cpe:2.3:a:ibm:db2:10.5:::::::*
	cpe:2.3:a:ibm:db2_connect:9.5:::::::*
	cpe:2.3:a:ibm:db2_connect:9.7:::::::*
	cpe:2.3:a:ibm:db2_connect:9.8:::::::*
	cpe:2.3:a:ibm:db2_connect:10.1:::::::*
	cpe:2.3:a:ibm:db2_connect:10.5:::::::*
	cpe:2.3:a:ibm:db2_purescale_feature_9.8:-:-:-::-:db2_enterprise_edition::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402
http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470
http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471
http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472
http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763
http://www-01.ibm.com/support/docview.wss?uid=swg21660046
http://www.securityfocus.com/bid/64334
https://exchange.xforce.ibmcloud.com/vulnerabilities/88365

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2013-12-18T11:00:00

Updated: 2024-08-06T17:15:20.397Z

Reserved: 2013-08-22T00:00:00

Link: CVE-2013-5466

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-12-18T16:04:33.647

Modified: 2018-09-25T10:29:01.450

Link: CVE-2013-5466

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-14T00:00:00", "descriptions": [{"lang": "en", "value": "The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-25T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "IC97470", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470"}, {"name": "ibm-db2-cve20135466-xslt-dos(88365)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88365"}, {"name": "64334", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/64334"}, {"name": "IC97402", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660046"}, {"name": "IC97472", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472"}, {"name": "IC97763", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763"}, {"name": "IC97471", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5466", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IC97470", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470"}, {"name": "ibm-db2-cve20135466-xslt-dos(88365)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88365"}, {"name": "64334", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64334"}, {"name": "IC97402", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660046", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660046"}, {"name": "IC97472", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472"}, {"name": "IC97763", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763"}, {"name": "IC97471", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:15:20.397Z"}, "title": "CVE Program Container", "references": [{"name": "IC97470", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470"}, {"name": "ibm-db2-cve20135466-xslt-dos(88365)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88365"}, {"name": "64334", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/64334"}, {"name": "IC97402", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660046"}, {"name": "IC97472", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472"}, {"name": "IC97763", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763"}, {"name": "IC97471", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5466", "datePublished": "2013-12-18T11:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:15:20.397Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "D72D43DB-9A92-4E12-853B-F5FC9421D5EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_connect:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "4CDD816C-7070-4118-845E-6205FE130A02", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_connect:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "4A8DDC8C-92D4-4078-8C82-9CB27B0DBDD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_connect:9.8:*:*:*:*:*:*:*", "matchCriteriaId": "A174260C-45A3-4DE3-8B2C-82416196FFF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_connect:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "1EC398F4-AA9B-446B-ABE3-236A3F72FBB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2_purescale_feature_9.8:-:-:-:*:-:db2_enterprise_edition:*:*", "matchCriteriaId": "1D4080BB-DBF0-4125-B0D6-6CF217703045", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors."}, {"lang": "es", "value": "La librer\u00eda XSLT en IBM DB2 y DB2 Connect 9.5 hasta 10.5, y DB2 pureScale Feature 9.8 para Enterprise Server Edition, permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados."}], "id": "CVE-2013-5466", "lastModified": "2018-09-25T10:29:01.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-18T16:04:33.647", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97402"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97470"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97471"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97472"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC97763"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660046"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/64334"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88365"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}