CVE-2009-2865

Cisco Unified Communications Manager Express - Buffer Overflow via Crafted HTTP Requests

Title source: llm
STIX 2.1

Description

Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36498
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53448
Patch, Vendor Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtml
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2758
Patch, Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=18884
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/58335
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022932

Scores

EPSS 0.0555
EPSS Percentile 91.9%

Details

CWE
CWE-119
Status published
Products (5)
cisco/ios 12.4xw
cisco/ios 12.4xy
cisco/ios 12.4xz
cisco/ios 12.4ya
cisco/unified_communications_manager_express
Published Sep 28, 2009
Tracked Since Feb 18, 2026