CVE-2014-8910 - Eastward Asses

Description

IBM DB2 9.7 through FP10 9.8 through FP5 10.1 before FP5 and 10.5 through FP5 on Linux UNIX and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg1IT06355 http://www-01.ibm.com/support/docview.wss?uid=swg1IT06356 http://www-01.ibm.com/support/docview.wss?uid=swg21697988 http://www-01.ibm.com/support/docview.wss?uid=swg1IT06354 http://www-01.ibm.com/support/docview.wss?uid=swg1IT06353 http://www.securityfocus.com/bid/75949 http://www.securitytracker.com/id/1032883