Boletines de Vulnerabilidades

IBM Security Bulletin: IBM® DB2® is impacted by multiple TLS/SSL security vulnerabilities (CVE-2013-6747, CVE-2014-0963)

Información sobre el sistema
   
Software afectado IBM

Descripción
IBM DB2 for Linux, Unix and Windows is affected by multiple problems related to the SSL implementation, which, under very specific conditions, can cause DB2 server to become unresponsive, hang or crash. By default, DB2 does not use TLS/SSL for client-server communication and therefore, potential exposure only exists if you are using TLS/SSL. CVE(s): CVE-2013-6747 and CVE-2014-0963 Affected product(s) and affected version(s): The following IBM DB2 and DB2 Connect V9.1, V9.5, V9.7, V10.1 and

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_db2_is_impacted_by_multiple_tls_ssl_security_vulnerabilities_cve_2013_6747_cve_2014_0963?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2013-6747 ,CVE-2014-0963 ,CVE-2013-6744 and CVE-2014-0114.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-05-27

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT