CVE-2009-2865

https://notcve.org/view.php?id=CVE-2009-2865

Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779. Desbordamiento de búfer en la implementación del inicio de sesión de la característica "Extension Mobility" del componente "Unified Communications Manager Express" (CME) de Cisco IOS v12.4XW, v12.4XY, v12.4XZ y v12.4YA. Permite a usuarios remotos ejecutar código de su elección o provocar una denegación de servicio a través de peticiones HTTP modificadas. También conocido como Bug ID CSCsq58779. • http://osvdb.org/58335 http://tools.cisco.com/security/center/viewAlert.x?alertId=18884 http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtml http://www.securityfocus.com/bid/36498 http://www.securitytracker.com/id?1022932 http://www.vupen.com/english/advisories/2009/2758 https://exchange.xforce.ibmcloud.com/vulnerabilities/53448 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •