header-logo
Suggest Exploit
vendor:
WebSphere DataPower XML Security Gateway XS40
by:
SecurityFocus
7.8
CVSS
HIGH
Remote Denial-of-Service
400
CWE
Product Name: WebSphere DataPower XML Security Gateway XS40
Affected Version From: 3.6.1.5
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: h:ibm:datapower_xml_security_gateway_xs40
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

IBM WebSphere DataPower XML Security Gateway XS40 Remote Denial-of-Service Vulnerability

IBM WebSphere DataPower XML Security Gateway XS40 is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input. Remote attackers can exploit this issue to cause the device to reboot, denying service to legitimate users. WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 is affected; other versions may also be vulnerable. The following string is sufficient to trigger this issue: ?abc?

Mitigation:

Upgrade to the latest version of WebSphere DataPower XML Security Gateway XS40
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/33169/info

IBM WebSphere DataPower XML Security Gateway XS40 is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.

Remote attackers can exploit this issue to cause the device to reboot, denying service to legitimate users.

WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 is affected; other versions may also be vulnerable. 

The following string is sufficient to trigger this issue:

?abc?