IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial of Service

EDB-ID:

32712


Author:

Erik

Type:

dos


Platform:

Multiple

Date:

2009-01-08


source: https://www.securityfocus.com/bid/33169/info

IBM WebSphere DataPower XML Security Gateway XS40 is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.

Remote attackers can exploit this issue to cause the device to reboot, denying service to legitimate users.

WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 is affected; other versions may also be vulnerable. 

The following string is sufficient to trigger this issue:

?abc?