返回 CVE 瀏覽器

CVE-2011-0344

MEDIUM

5.8

CVSS Severity Score

EPSS Score0.0950%

EPSS Percentile12.54th

Published2011年3月8日

Last Modified2026年4月29日

Vulnerability Description

Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP headers.

Affected Platforms (CPE)

📦

Alcatel Lucent

Omnipcx

<= 9.0

📦

Alcatel Lucent

Omnipcx

= 5.0

📦

Alcatel Lucent

Omnipcx

= 6.2

📦

Alcatel Lucent

Omnipcx

= 7.0

📦

Alcatel Lucent

Omnipcx

= 7.1

📦

Alcatel Lucent

Omnipcx

= 8.0

References & Advisories

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=896

🔗 http://secunia.com/advisories/43588

🔗 http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011001.pdf

🔗 http://www.securityfocus.com/bid/46640

🔗 http://www.vupen.com/english/advisories/2011/0549

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/65849

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=896

🔗 http://secunia.com/advisories/43588

相關漏洞威脅

CVE-2008-133110.0

cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and ...

CVE-2002-169110.0

Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attacker...

CVE-2007-30109.8

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attack...

CVE-2007-53618.5

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an I...