CVSS: 7.8EPSS: 1%CPEs: 77EXPL: 0CVE-2009-0626
https://notcve.org/view.php?id=CVE-2009-0626
The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet. La funcionalidad SSLVPN en Cisco IOS v12.3 hasta v12.4 permite a atacantes remotos provocar una denegación de servicio (reinicio o cuelgue del dispositivo) mediante paquetes HTTPS manipulados. • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021896 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90424.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34239 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49425 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6919 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 2%CPEs: 3EXPL: 0CVE-2009-0635
https://notcve.org/view.php?id=CVE-2009-0635
Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets. Perdida de memoria en la funcionalidad de encapsulado de Cisco Tunneling Control Protocol (cTCP) en Cisco IOS v12.4, cuando se ha habilitado un servidor Easy VPN (conocido como EZVPN), permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del dispositivo) mediante una secuencia de paquetes TCP. • http://secunia.com/advisories/34438 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34246 http://www.securitytracker.com/id?1021895 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49417 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2009-0470 – Cisco IOS 12.4(23) - HTTP Server Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-0470
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el servidor HTTP en Cisco IOS v12.4(23) permite a atacantes remotos inyectar secuencias de comando web o HTML de su elección a través de PATH_INFO a la URI por defecto bajo (1)level/15/exec/-/ o (2)una vulnerabilidad diferente de CVE-2008-3821. • https://www.exploit-db.com/exploits/32776 http://secunia.com/advisories/33844 http://www.securityfocus.com/archive/1/500674/100/0/threaded http://www.securityfocus.com/bid/33625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0471
https://notcve.org/view.php?id=CVE-2009-0471
Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el servidor HTTP en in Cisco IOS v12.4(23) permite a atacantes remotos ejecutar comandos de su elección, como se demostró ejecutando el comando hostname con una petición level/15/configure/-/hostname. • http://secunia.com/advisories/33844 http://www.securityfocus.com/archive/1/500674/100/0/threaded • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 284EXPL: 2CVE-2008-3821 – Cisco IOS 12.x - HTTP Server Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-3821
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el servidor HTTP en Cisco IOS v11.0 hasta v12.4, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante (1) la cadena query al programa ping o (2) otros aspectos no especificados de una URI. • https://www.exploit-db.com/exploits/32723 http://jvn.jp/en/jp/JVN28344798/index.html http://osvdb.org/51393 http://osvdb.org/51394 http://secunia.com/advisories/33461 http://securityreason.com/securityalert/4916 http://securitytracker.com/id?1021598 http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19 http://www.securityfocus.com/archive/1/500063/100/0/threaded http://www.securi • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •