CVE-2010-1612
https://notcve.org/view.php?id=CVE-2010-1612
The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote attackers to cause a denial of service (interface outage) via malformed ICMP packets to the 0.0.0.0 destination IP address. The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, y XML Security Gateway XS40 SOA Appliances anterior a v3.8.0.0, cuando una interfaz Ethernet QLOGIC se utiliza, permite a atacantes remotos provocar una denegación de servicio (corte de interfaz) a través de paquetes ICMP malformados a la dirección IP de destino 0.0.0.0. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC61364 http://www-01.ibm.com/support/docview.wss?uid=swg24024770 http://www-01.ibm.com/support/docview.wss?uid=swg24024771 http://www-01.ibm.com/support/docview.wss?uid=swg24024772 http://www-01.ibm.com/support/docview.wss? •
CVE-2009-0120 – IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0120
The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data. El IBM WebSphere DataPower XML Security Gateway XS40 con firmware 3.6.1.5, permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo) mediante el envío de información sobre una conexión SSL, como se ha demostrado mediante la cadena de datos abc\r\n\r\n. • https://www.exploit-db.com/exploits/32712 http://securityreason.com/securityalert/4911 http://www.securityfocus.com/archive/1/499870/100/0/threaded http://www.securityfocus.com/bid/33169 http://www.securitytracker.com/id?1021547 http://www.vupen.com/english/advisories/2009/0111 • CWE-20: Improper Input Validation •