CVE-2015-5606

CVE-2015-5606

by webmestre

Abstract Advisory Information

Security issue affecting the product VORDEL XML GATEWAY from the company AXWAY. A Deny of Service attack is possible against the product using a sequence of special crafted request. Vendor is informed about this vulnerability and the CVE ID is referenced into the release note of the product for the targeted version.

Authors: Dominique Righetto

Version affected

7.2.2  for Linux operating system.

Common Vulnerability Scoring System

6.8

Patches

A patch is available  for the version 7.2.2 but for Linux 64 bit only. The version 7.3.1 with SP1 and superior has the fix already installed by default.

Vulnerability Disclosure Timeline

  • 2015-07-15: Security note sent to Axway support about the vulnerability.
  • 2015-07-16: Response from the support with the patch and information about version already patched.
  • 2015-07-18: Ask for CVE ID to MITRE.
  • 2015-07-19: Ask to Axway support for presence of CVE ID.
  • 2015-07-20: Response from Axway support about absence of CVE.
  • 2015-07-21: Contact MITRE to inform them about absence of CVE.
  • 2015-07-22: Received CVE ID from MITRE.
  • 2015-07-23: Creation of this advisory note and ask to MITRE to publish CVE.
Top