Abstract Advisory Information
Security issue affecting the product VORDEL XML GATEWAY from the company AXWAY. A Deny of Service attack is possible against the product using a sequence of special crafted request. Vendor is informed about this vulnerability and the CVE ID is referenced into the release note of the product for the targeted version.
Author: Dominique Righetto
Version affected
7.2.2 for Linux operating system.
Common Vulnerability Scoring System
6.8
Patches
A patch is available for the version 7.2.2 but for Linux 64 bit only. The version 7.3.1 with SP1 and superior has the fix already installed by default.
Vulnerability Disclosure Timeline
- 2015-07-15: Security note sent to Axway support about the vulnerability.
- 2015-07-16: Response from the support with the patch and information about version already patched.
- 2015-07-18: Ask for CVE ID to MITRE.
- 2015-07-19: Ask to Axway support for presence of CVE ID.
- 2015-07-20: Response from Axway support about absence of CVE.
- 2015-07-21: Contact MITRE to inform them about absence of CVE.
- 2015-07-22: Received CVE ID from MITRE.
- 2015-07-23: Creation of this advisory note and ask to MITRE to publish CVE.