CVE-2008-0027

{"id": "CVE-2008-0027", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-01-17T03:00:00.000", "references": [{"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/28530", "source": "ykramarz@cisco.com"}, {"url": "http://securityreason.com/securityalert/3551", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml", "tags": ["Patch"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/archive/1/486432/100/0/threaded", "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/27313", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1019223", "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2008/0171", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704", "source": "ykramarz@cisco.com"}, {"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/28530", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/3551", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/486432/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/27313", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1019223", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/0171", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el servicio proveedor de Listas de Certificados Confiables (CTL, Certificate Trust List) (CTLProvider.exe) en Cisco Unified Communications Manager (CUCM) 4.2 anterior a 4.2(3)SR3 y 4.3 anterior a 4.3(1)SR1, y CallManager 4.0 y 4.1 anterior a 4.1(3)SR5c, permite a atacantes remotos provocar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n larga."}], "lastModified": "2024-11-21T00:40:59.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_callmanager:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF04567B-73C5-4ACC-9B31-5C3BAAB6E641"}, {"criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC772518-51CC-4692-BEB2-2C9C2A215F44"}, {"criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1\\(3\\)sr4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20A8643E-304C-4879-8CD5-209C1016DF31"}, {"criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1\\(3\\)sr5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA1FF9B0-3BEB-4256-8D50-11CD6EEF04BD"}, {"criteria": "cpe:2.3:a:cisco:unified_callmanager:4.1\\(3\\)sr5b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D909C0AF-F213-4371-8A35-C5720B43ED90"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6C20851-DC17-4E89-A6C1-D1B52D47608F"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19432E5E-EA68-4B7A-8B99-DEBACBC3F160"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "577571D6-AC59-4A43-B9A5-7B6FC6D2046C"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}