CVE-2009-2865
Cisco Unified Communications Manager Express - Buffer Overflow via Crafted HTTP Requests
Title source: llmDescription
Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36498
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53448
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtml
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2758
Patch, Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=18884
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/58335
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022932
Scores
EPSS
0.0555
EPSS Percentile
91.9%
Details
CWE
CWE-119
Status
published
Products (5)
cisco/ios
12.4xw
cisco/ios
12.4xy
cisco/ios
12.4xz
cisco/ios
12.4ya
cisco/unified_communications_manager_express
Published
Sep 28, 2009
Tracked Since
Feb 18, 2026