The vulnerability occurs in the session cookie parser and can be triggered by sending a long cookie to the web application. The exploit has been tested against multiple deployments of the XTMv (virtual appliance) version 11.7.4u1, running on various ESXi hardware, but has not yet been tested against a “physical” appliance (XTM).
For more details go here – http://funoverip.net/2013/10/watchguard-cve-2013-6021-stack-based-buffer-overflow-exploit/
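
For defenders reviewing similar parsers, here is an added example (not WatchGuard's code and not taken from the linked write-up) of a cookie extractor that checks the value length before copying into a fixed buffer and rejects over-long cookies. The cookie name `sessionid`, the 64-byte limit and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define SESSION_ID_MAX 64   /* assumed limit; the appliance's real buffer size is not given here */

/* Unsafe pattern behind this class of bug (comment only):
 *     char id[SESSION_ID_MAX];
 *     strcpy(id, value);    // attacker-controlled length into a fixed stack buffer
 */

/* Copy the value of cookie `name` from a Cookie header into out[out_len].
 * Returns 0 on success, -1 if the cookie is absent, -2 if the value does
 * not fit (the request should be rejected, never silently truncated). */
int get_cookie(const char *header, const char *name, char *out, size_t out_len)
{
    size_t name_len = strlen(name);
    const char *p = header;

    if (out_len == 0)
        return -2;
    out[0] = '\0';

    while (*p) {
        while (*p == ' ' || *p == ';')       /* skip separators between pairs */
            p++;
        const char *end = strchr(p, ';');    /* end of this name=value pair */
        size_t pair_len = end ? (size_t)(end - p) : strlen(p);

        if (pair_len > name_len && strncmp(p, name, name_len) == 0
            && p[name_len] == '=') {
            size_t val_len = pair_len - name_len - 1;
            if (val_len >= out_len)          /* length check BEFORE any copy */
                return -2;
            memcpy(out, p + name_len + 1, val_len);
            out[val_len] = '\0';
            return 0;
        }
        p += pair_len;
    }
    return -1;
}

/* Convenience wrapper (hypothetical): 0 = accepted, negative = reject. */
int check_session_cookie(const char *header)
{
    char id[SESSION_ID_MAX];
    return get_cookie(header, "sessionid", id, sizeof id);
}
```

A `-2` result is also worth logging, since a session cookie far longer than any value the application issues is a useful detection signal.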