Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21128
HistoryJan 11, 2009 - 12:00 a.m.

[IBM Datapower XS40] Denial of Service

2009-01-1100:00:00
vulners.com
10
JSON

It appears it is possible to crash the IBM DataPower XS40 Security Gateway device by sending a
simple (random?) string to it, over an established SSL-connection. The device reboots as a response
to the input.

Tested vulnerable firmware is 3.6.1.5
Issue fixed as tested in 3.6.1.12

Tested as follows (entered attack-string is ґabcґ in this case):
openssl s_client -connect [IP]:[port]
Loading 'screen' into random state - done
CONNECTED(0000078C)

abc [enter][enter]

read:errno=0

After this, the device crashes and reboots

JSON