Vulnerability Description
The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote attackers to cause a denial of service (interface outage) via malformed ICMP packets to the 0.0.0.0 destination IP address.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Datapower Xml Accelerator Xa35 | <= 3.7.3.10 |
| Qlogic | Ethernet | All versions |
| Ibm | Websphere Datapower Xml Security Gateway Xs40 | <= 3.7.3.10 |
| Ibm | Websphere Datapower Datapower Integration Appliance Xi50 | <= 3.7.3.10 |
| Ibm | Websphere Datapower B2B Appliance Xb60 | <= 3.7.3.10 |
| Ibm | Websphere Datapower Low Latency Appliance Xm70 | <= 3.7.3.10 |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC61364PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg24024770Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg24024771Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg24024772Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg24024773Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg24024774Patch
- http://www.securityfocus.com/archive/1/509163/100/0/threaded
- http://www.securityfocus.com/bid/37952
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC61364PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg24024770Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg24024771Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg24024772Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg24024773Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg24024774Patch
- http://www.securityfocus.com/archive/1/509163/100/0/threaded
FAQ
What is CVE-2010-1612?
CVE-2010-1612 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC...
How severe is CVE-2010-1612?
CVE-2010-1612 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1612?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Datapower Xml Accelerator Xa35, Qlogic Ethernet, Ibm Websphere Datapower Xml Security Gateway Xs40, Ibm Websphere Datapower Datapower Integration Appliance Xi50, Ibm Websphere Datapower B2B Appliance Xb60.