Abstract Advisory Information
Security issue affecting the product VORDEL XML GATEWAY from the company AXWAY. A Deny of Service attack is possible against the product using a sequence of special crafted request. Vendor is informed about this vulnerability and the CVE ID is referenced into the release note of the product for the targeted version.
7.2.2 for Linux operating system.
Common Vulnerability Scoring System
A patch is available for the version 7.2.2 but for Linux 64 bit only. The version 7.3.1 with SP1 and superior has the fix already installed by default.
Vulnerability Disclosure Timeline
- 2015-07-15: Security note sent to Axway support about the vulnerability.
- 2015-07-16: Response from the support with the patch and information about version already patched.
- 2015-07-18: Ask for CVE ID to MITRE.
- 2015-07-19: Ask to Axway support for presence of CVE ID.
- 2015-07-20: Response from Axway support about absence of CVE.
- 2015-07-21: Contact MITRE to inform them about absence of CVE.
- 2015-07-22: Received CVE ID from MITRE.
- 2015-07-23: Creation of this advisory note and ask to MITRE to publish CVE.