VAR-200901-0269
Vulnerability from variot - Updated: 2025-04-10 23:16The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data. Remote attackers can exploit this issue to cause the device to reboot, denying service to legitimate users. WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 is affected; other versions may also be vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200901-0269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "websphere datapower xml security gateway xs40",
"scope": "eq",
"trust": 2.7,
"vendor": "ibm",
"version": "3.6.1.5"
},
{
"model": "websphere datapower xml security gateway xs40",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.6.1.12"
}
],
"sources": [
{
"db": "BID",
"id": "33169"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001670"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-181"
},
{
"db": "NVD",
"id": "CVE-2009-0120"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ibm:websphere_datapower_xml_security_gateway_xs40",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001670"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "erikpsafe.nl",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-181"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0120",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-0120",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-37566",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0120",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-0120",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200901-181",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-37566",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37566"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001670"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-181"
},
{
"db": "NVD",
"id": "CVE-2009-0120"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\\r\\n\\r\\n string data. \nRemote attackers can exploit this issue to cause the device to reboot, denying service to legitimate users. \nWebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 is affected; other versions may also be vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0120"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001670"
},
{
"db": "BID",
"id": "33169"
},
{
"db": "VULHUB",
"id": "VHN-37566"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-37566",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37566"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0120",
"trust": 2.5
},
{
"db": "BID",
"id": "33169",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2009-0111",
"trust": 1.7
},
{
"db": "SREASON",
"id": "4911",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1021547",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001670",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200901-181",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20090108 [IBM DATAPOWER XS40] DENIAL OF SERVICE",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-85991",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "32712",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-37566",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37566"
},
{
"db": "BID",
"id": "33169"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001670"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-181"
},
{
"db": "NVD",
"id": "CVE-2009-0120"
}
]
},
"id": "VAR-200901-0269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-37566"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:16:32.910000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ibm.com/us/en/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001670"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37566"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001670"
},
{
"db": "NVD",
"id": "CVE-2009-0120"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/33169"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1021547"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/4911"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/499870/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/0111"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0120"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0120"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/499870/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2009/0111"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/software/integration/datapower/xs40/"
},
{
"trust": 0.3,
"url": "/archive/1/499870"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37566"
},
{
"db": "BID",
"id": "33169"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001670"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-181"
},
{
"db": "NVD",
"id": "CVE-2009-0120"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-37566"
},
{
"db": "BID",
"id": "33169"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001670"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-181"
},
{
"db": "NVD",
"id": "CVE-2009-0120"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-01-15T00:00:00",
"db": "VULHUB",
"id": "VHN-37566"
},
{
"date": "2009-01-08T00:00:00",
"db": "BID",
"id": "33169"
},
{
"date": "2009-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001670"
},
{
"date": "2009-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-181"
},
{
"date": "2009-01-15T00:30:00.280000",
"db": "NVD",
"id": "CVE-2009-0120"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-37566"
},
{
"date": "2009-01-08T18:42:00",
"db": "BID",
"id": "33169"
},
{
"date": "2009-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001670"
},
{
"date": "2009-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-181"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0120"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-181"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM WebSphere DataPower XML Security Gateway XS40 Remote Denial Of Service Vulnerability",
"sources": [
{
"db": "BID",
"id": "33169"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-181"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-181"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…