CVE-2009-0059

Name of the Vulnerable Software and Affected Versions Cisco Wireless LAN Controller versions 4.x through 4.2.175.0 Cisco Wireless LAN Controller versions 5.2.x through 5.2.156.0 Cisco Catalyst 6500 Wireless Services Module versions 4.x through 4.2.175.0 Cisco Catalyst 6500 Wireless Services Module versions 5.2.x through 5.2.156.0 Cisco Catalyst 3750 Integrated Wireless LAN Controller versions 4.x through 4.2.175.0 Cisco Catalyst 3750 Integrated Wireless LAN Controller versions 5.2.x through 5.2.156.0

Description The issue allows remote attackers to cause a denial of service via a web authentication session that includes a malformed POST request to the "login.html" endpoint. Multiple vulnerabilities exist, including denial of service and privilege escalation vulnerabilities. These vulnerabilities are independent of each other.

Recommendations For Cisco Wireless LAN Controller version 4.x, update to version 4.2.176.0 or later. For Cisco Wireless LAN Controller version 5.2.x, update to version 5.2.157.0 or later. For Cisco Catalyst 6500 Wireless Services Module version 4.x, update to version 4.2.176.0 or later. For Cisco Catalyst 6500 Wireless Services Module version 5.2.x, update to version 5.2.157.0 or later. For Cisco Catalyst 3750 Integrated Wireless LAN Controller version 4.x, update to version 4.2.176.0 or later. For Cisco Catalyst 3750 Integrated Wireless LAN Controller version 5.2.x, update to version 5.2.157.0 or later.