FKIE_CVE-2009-0059

Vulnerability from fkie_nvd - Published: 2009-02-05 00:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html.
References
psirt@cisco.comhttp://secunia.com/advisories/33749
psirt@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtmlVendor Advisory
psirt@cisco.comhttp://www.securityfocus.com/bid/33608
psirt@cisco.comhttp://www.securitytracker.com/id?1021679
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33749
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/33608
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021679
Impacted products
Vendor Product Version
cisco 4400_wireless_lan_controller 4.1
cisco 4400_wireless_lan_controller 4.2
cisco 4400_wireless_lan_controller 5.2
cisco catalyst_3750_series_integrated_wireless_lan_controller 4.1
cisco catalyst_3750_series_integrated_wireless_lan_controller 4.2
cisco catalyst_3750_series_integrated_wireless_lan_controller 5.2
cisco catalyst_6500_series_integrated_wireless_lan_controller 4.1
cisco catalyst_6500_series_integrated_wireless_lan_controller 4.2
cisco catalyst_6500_series_integrated_wireless_lan_controller 5.2
cisco catalyst_7600_series_wireless_lan_controller 4.1
cisco catalyst_7600_series_wireless_lan_controller 4.2
cisco catalyst_7600_series_wireless_lan_controller 5.2
cisco wireless_lan_controller_software 4.1
cisco wireless_lan_controller_software 4.2
cisco wireless_lan_controller_software 5.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB886E18-A1F0-4A05-AFBF-FFC4FA72373C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5561784-ACF8-4CCD-94FA-AAA17AC8363E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:4400_wireless_lan_controller:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5830E746-BD5C-43A6-914F-1D8411E235E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DECEDD-4D87-455B-BC28-6227ABC49714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D797EE92-8C85-4C83-A96A-DF1922712742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_3750_series_integrated_wireless_lan_controller:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1C016C-30FA-4F76-883B-12712316F750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FFC9F3-8342-4A71-9731-14EF90C8E678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E82E205F-2FA0-4030-8BC9-D622FCF015BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6500_series_integrated_wireless_lan_controller:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "54A95FA8-80E7-4995-ABE8-86326E698017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_7600_series_wireless_lan_controller:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB9B9EF-1ADF-4C04-A9C4-EF87EF999D7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_7600_series_wireless_lan_controller:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59B5CEE-8756-4A42-B9BA-489CE0DE5AA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_7600_series_wireless_lan_controller:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F21CDB-2DFE-4781-8FC6-DF449FB6FA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F3A8DBB-9E82-4428-9034-391F662DFA0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC1E1F40-ECB6-42FB-838E-998B1893D5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1511CA9-B471-49D6-9BEE-1BADE6EC61E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html."
    },
    {
      "lang": "es",
      "value": "El Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), y Cisco Catalyst 3750 Integrated Wireless LAN Controller con software v4.x anterior a v4.2.176.0 y v5.2.x anterior a 5.2.157.0; permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de dispositivo) a trav\u00e9s de una sesi\u00f3n de autenticaci\u00f3n Web (tambi\u00e9n conocido WebAuth) que incluye una solicitud POST mal formada a login.html."
    }
  ],
  "id": "CVE-2009-0059",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-02-05T00:30:00.280",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/33749"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/33608"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id?1021679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021679"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.