TFS Gateway 4.0 Denial of Service Vulnerability

This can be solved by changing the way that TFS handles failed messages. By turning off the "returning the original message" to the sender of a message, this vulnerability is avoided.

TenFour has made a fixed version of TFS Gateway available to its customers from its website at:
The non-vulnerable version is build 219 and later, and does not allow the full message to be returned to the sender in the event of failure.


Privacy Statement
Copyright 2010, SecurityFocus