cbcvebase.
CVE-2009-20005
published 2025-09-16

Priority P270 · critical · 9.3 (CVSS 4.0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.27% (66.2th percentile)
A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a stack buffer, allowing an attacker to overwrite control structures and execute arbitrary code. It is unknown if this vulnerability was patched and an affected version range remains undefined.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intersystems_corporation | intersystems_cach | <= 2009.1 | |

Detection & IOCs (extracted from sources)

url: /csp/sys/UtilConfigHome.csp
command: GET /csp/sys/UtilConfigHome.csp?[oversized_argument]
  • Monitor HTTP GET requests to the UtilConfigHome.csp endpoint for abnormally large argument/query string values, which may indicate a stack buffer overflow exploitation attempt.
  • A Metasploit module exists for this vulnerability targeting Windows HTTP services of InterSystems Cache 2009.1; presence of this module's traffic patterns (e.g., large GET requests to UtilConfigHome.csp) should be flagged.
  • Patch status is unknown; no confirmed fixed version or affected version range has been established, making version-based detection unreliable.
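
The monitoring guidance above can be run over web access logs as in the following added example, which is not part of the original advisory or of any vendor tooling. It assumes Common/Combined Log Format lines; the 1024-byte threshold and the sample log lines are constructed assumptions to be tuned against legitimate traffic.

```python
import re
from urllib.parse import unquote

# Endpoint named on this page; compared case-insensitively after URL-decoding.
TARGET_PATH = "/csp/sys/utilconfighome.csp"
# Assumed threshold (not from the advisory): tune to your legitimate traffic.
MAX_QUERY_BYTES = 1024

# Common/Combined Log Format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>.*?)" (?P<status>\d{3}) ')

def inspect_line(line):
    """Return an alert dict for a GET to the endpoint with an oversized argument."""
    m = LOG_RE.match(line)
    if not m:
        return None  # malformed or non-CLF line
    parts = m.group("req").split(" ")
    if len(parts) < 2 or parts[0].upper() != "GET":
        return None
    raw_path, _, query = parts[1].partition("?")
    # Normalise so percent-encoding or mixed case does not dodge the match.
    if unquote(raw_path).lower() != TARGET_PATH:
        return None
    if len(query) <= MAX_QUERY_BYTES:
        return None
    return {"src": m.group("src"), "time": m.group("ts"),
            "status": int(m.group("status")), "query_bytes": len(query)}

def scan(lines):
    """Return alerts for every matching line, in input order."""
    return [a for a in map(inspect_line, lines) if a]

# Constructed sample log lines (documentation-range addresses, filler arguments).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Sep/2025:10:00:01 +0000] "GET /csp/sys/UtilConfigHome.csp?x=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Sep/2025:10:00:05 +0000] "GET /csp/sys/UtilConfigHome.csp?'
    + "A" * 4000 + ' HTTP/1.1" 500 0',
    '198.51.100.7 - - [16/Sep/2025:10:00:09 +0000] "GET /csp/sys/utilconfighome%2Ecsp?'
    + "B" * 2000 + ' HTTP/1.0" 400 0',
    '203.0.113.4 - - [16/Sep/2025:10:00:12 +0000] "GET /csp/sys/Other.csp?'
    + "C" * 3000 + ' HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Because version-based detection is unreliable here, the alert carries the response status so that flagged requests followed by errors or service restarts can be prioritised.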