Vulnerability Details : CVE-2009-1906
Potential exploit
The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2009-1906
- cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp4a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp5:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp6:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp6a:*:*:*:*:*:*
Threat overview for CVE-2009-1906
Top countries where our scanners detected CVE-2009-1906
Top open port discovered on systems with this issue
523
IPs affected by CVE-2009-1906 17
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2009-1906!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-1906
0.83%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1906
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
References for CVE-2009-1906
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36683
Exploit;Patch;Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21293566
Patch
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38874
Exploit;Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/35171
Jump to