IBM WebSphere DataPower XML Security Gateway XS40 Remote Denial of Service Vulnerability

Vulnerability ID: 1117217
Vulnerability type: Input validation
Published: 2009-01-08
Updated: 2009-01-29
CVE ID: CVE-2009-0120
CNNVD ID: CNNVD-200901-181
Platform: Multiple
CVSS score: 7.8
|Vulnerability sources
https://www.exploit-db.com/exploits/32712
https://cxsecurity.com/issue/WLB-2009010163
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-181
|Vulnerability details
IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an already established SSL connection, for example the string abc\r\n\r\n.
|Exploit (EXP)
source: http://www.securityfocus.com/bid/33169/info

IBM WebSphere DataPower XML Security Gateway XS40 is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.

Remote attackers can exploit this issue to cause the device to reboot, denying service to legitimate users.

WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 is affected; other versions may also be vulnerable. 

The following string is sufficient to trigger this issue:

abc\r\n\r\n
|References

Source: SECTRACK
Name: 1021547
Link: http://www.securitytracker.com/id?1021547
Source: BID
Name: 33169
Link: http://www.securityfocus.com/bid/33169
Source: BUGTRAQ
Name: 20090108 [IBM Datapower XS40] Denial of Service
Link: http://www.securityfocus.com/archive/1/archive/1/499870/100/0/threaded
Source: VUPEN
Name: ADV-2009-0111
Link: http://www.frsirt.com/english/advisories/2009/0111
Source: SREASON
Name: 4911
Link: http://securityreason.com/securityalert/4911