PT-2009-2814 · Ibm · Ibm Websphere Datapower Xml Security Gateway Xs40

Erik

Published

2009-01-15

Updated

2018-10-11

CVE-2009-0120

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions IBM WebSphere DataPower XML Security Gateway XS40 version 3.6.1.5

Description The issue allows remote attackers to cause a denial of service, resulting in a device reboot, by sending specific data over an established SSL connection. An example of such data is the abcr r string.

Recommendations For IBM WebSphere DataPower XML Security Gateway XS40 version 3.6.1.5, consider restricting or validating the data sent over established SSL connections to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2009-0120

Affected Products

Ibm Websphere Datapower Xml Security Gateway Xs40

PT-2009-2814 · Ibm · Ibm Websphere Datapower Xml Security Gateway Xs40

CVE-2009-0120

Weakness Enumeration

Related Identifiers

Affected Products

References · 7