Details of VAR-200901-0269

ID

VAR-200901-0269

CVE

CVE-2009-0120

TITLE

IBM WebSphere DataPower XML Security Gateway XS40 Remote Denial Of Service Vulnerability

Trust: 0.9

sources: BID: 33169 // CNNVD: CNNVD-200901-181

DESCRIPTION

The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data. Remote attackers can exploit this issue to cause the device to reboot, denying service to legitimate users. WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 is affected; other versions may also be vulnerable

Trust: 1.98

sources: NVD: CVE-2009-0120 // JVNDB: JVNDB-2009-001670 // BID: 33169 // VULHUB: VHN-37566

AFFECTED PRODUCTS

vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.6.1.5	Trust: 2.7
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	ne	version:	3.6.1.12	Trust: 0.3

sources: BID: 33169 // JVNDB: JVNDB-2009-001670 // CNNVD: CNNVD-200901-181 // NVD: CVE-2009-0120

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-0120
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-0120
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200901-181
value:	HIGH
Trust: 0.6
VULHUB:	VHN-37566
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-0120
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-37566
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-37566 // JVNDB: JVNDB-2009-001670 // CNNVD: CNNVD-200901-181 // NVD: CVE-2009-0120

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-37566 // JVNDB: JVNDB-2009-001670 // NVD: CVE-2009-0120

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200901-181

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200901-181

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001670

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-37566

PATCH

title:

Top Page

url:

http://www.ibm.com/us/en/

Trust: 0.8

sources: JVNDB: JVNDB-2009-001670

EXTERNAL IDS

db:	NVD	id:	CVE-2009-0120	Trust: 2.5
db:	BID	id:	33169	Trust: 2.0
db:	VUPEN	id:	ADV-2009-0111	Trust: 1.7
db:	SREASON	id:	4911	Trust: 1.7
db:	SECTRACK	id:	1021547	Trust: 1.7
db:	JVNDB	id:	JVNDB-2009-001670	Trust: 0.8
db:	CNNVD	id:	CNNVD-200901-181	Trust: 0.7
db:	BUGTRAQ	id:	20090108 [IBM DATAPOWER XS40] DENIAL OF SERVICE	Trust: 0.6
db:	SEEBUG	id:	SSVID-85991	Trust: 0.1
db:	EXPLOIT-DB	id:	32712	Trust: 0.1
db:	VULHUB	id:	VHN-37566	Trust: 0.1

sources: VULHUB: VHN-37566 // BID: 33169 // JVNDB: JVNDB-2009-001670 // CNNVD: CNNVD-200901-181 // NVD: CVE-2009-0120

REFERENCES

url:	http://www.securityfocus.com/bid/33169	Trust: 1.7
url:	http://www.securitytracker.com/id?1021547	Trust: 1.7
url:	http://securityreason.com/securityalert/4911	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/499870/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2009/0111	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0120	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0120	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/499870/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2009/0111	Trust: 0.6
url:	http://www-01.ibm.com/software/integration/datapower/xs40/	Trust: 0.3
url:	/archive/1/499870	Trust: 0.3

sources: VULHUB: VHN-37566 // BID: 33169 // JVNDB: JVNDB-2009-001670 // CNNVD: CNNVD-200901-181 // NVD: CVE-2009-0120

CREDITS

erikpsafe.nl

Trust: 0.6

sources: CNNVD: CNNVD-200901-181

SOURCES

db:	VULHUB	id:	VHN-37566
db:	BID	id:	33169
db:	JVNDB	id:	JVNDB-2009-001670
db:	CNNVD	id:	CNNVD-200901-181
db:	NVD	id:	CVE-2009-0120

LAST UPDATE DATE

2025-04-10T23:16:32.910000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-37566	date:	2018-10-11T00:00:00
db:	BID	id:	33169	date:	2009-01-08T18:42:00
db:	JVNDB	id:	JVNDB-2009-001670	date:	2009-07-08T00:00:00
db:	CNNVD	id:	CNNVD-200901-181	date:	2009-01-29T00:00:00
db:	NVD	id:	CVE-2009-0120	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-37566	date:	2009-01-15T00:00:00
db:	BID	id:	33169	date:	2009-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2009-001670	date:	2009-07-08T00:00:00
db:	CNNVD	id:	CNNVD-200901-181	date:	2009-01-15T00:00:00
db:	NVD	id:	CVE-2009-0120	date:	2009-01-15T00:30:00.280