CVE-2009-0120

IBM WebSphere DataPower XML Security Gateway XS40 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0120. PoCs published by Erik.

AI-analyzed exploit summary This exploit triggers a denial-of-service vulnerability in IBM WebSphere DataPower XML Security Gateway XS40 by sending a specific string ('?abc?') that causes the device to reboot. The issue stems from improper handling of user-supplied input.

Description

The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Erik · textdosmultiple

https://www.exploit-db.com/exploits/32712

View Code ZIP pw:eip

This exploit triggers a denial-of-service vulnerability in IBM WebSphere DataPower XML Security Gateway XS40 by sending a specific string ('?abc?') that causes the device to reboot. The issue stems from improper handling of user-supplied input.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK