The host is running IBM DB2 and is prone to information disclosure vulnerability.

Successful exploitation allows remote users to read arbitrary XML files. Impact Level: Application

Upgrade to IBM DB2 version 9.7 FP6 or later, For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg27007053

The flaw is caused due an error in the XML feature, which can be exploited to read arbitrary XML files via unknown vectors.

IBM DB2 version 9.7 before FP6

• http://en.securitylab.ru/nvd/428862.php
• http://osvdb.org/show/osvdb/82753
• http://www-01.ibm.com/support/docview.wss?uid=swg1IC81462
• http://www-01.ibm.com/support/docview.wss?uid=swg21592556
• http://xforce.iss.net/xforce/xfdb/73520

---

Updated on 2015-03-25