CVE-2009-20005
Published 2025-09-16
Priority: P270 | Severity: critical | CVSS 4.0 score: 9.3
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.27% (66.2th percentile)
A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a stack buffer, allowing an attacker to overwrite control structures and execute arbitrary code. It is unknown if this vulnerability was patched and an affected version range remains undefined.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intersystems_corporation | intersystems_cach | <= 2009.1 | — |
Detection & IOCs
- Monitor HTTP GET requests to the UtilConfigHome.csp endpoint for abnormally large argument/query string values, which may indicate a stack buffer overflow exploitation attempt.
- A Metasploit module exists for this vulnerability targeting Windows HTTP services of InterSystems Cache 2009.1; presence of this module's traffic patterns (e.g., large GET requests to UtilConfigHome.csp) should be flagged.
- Patch status is unknown; no confirmed fixed version or affected version range has been established, making version-based detection unreliable.
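The monitoring guidance above can be applied to web access logs. The following is an added example, not code from the advisory or from any vendor: it flags GET requests to UtilConfigHome.csp whose query string exceeds a size limit. The 1024-character limit, the Common Log Format input, and every path, parameter name and address in the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

ENDPOINT = "utilconfighome.csp"  # endpoint named in the advisory, lower-cased
MAX_QUERY_LEN = 1024             # assumed threshold; tune to your own baseline

# Client, method, request target and status from a Common Log Format line.
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def inspect_line(line, limit=MAX_QUERY_LEN):
    """Return a finding for an oversized GET to the endpoint, else None."""
    m = LINE_RE.match(line)
    if not m or m.group("method") != "GET":
        return None
    parts = urlsplit(m.group("target"))
    # Decode %-escapes and ignore case so alternate spellings of the file
    # name still match (the affected service is a Windows HTTP service).
    basename = unquote(parts.path).rsplit("/", 1)[-1].lower()
    if basename != ENDPOINT or len(parts.query) <= limit:
        return None
    return {
        "client": m.group("client"),
        "status": int(m.group("status")),
        "query_len": len(parts.query),
    }

def scan(lines, limit=MAX_QUERY_LEN):
    """Collect findings from an iterable of access-log lines."""
    return [f for f in (inspect_line(l, limit) for l in lines) if f]

# Constructed sample log lines; paths, parameter names and addresses are made up.
def _line(client, method, target, status=200):
    return f'{client} - - [16/Sep/2025:10:00:00 +0000] "{method} {target} HTTP/1.1" {status} 512'

SAMPLE_LOG = [
    _line("198.51.100.10", "GET", "/example/UtilConfigHome.csp?arg=home"),
    _line("203.0.113.7", "GET", "/example/UtilConfigHome.csp?arg=" + "A" * 2000, 500),
    _line("198.51.100.11", "GET", "/example/Other.csp?arg=" + "A" * 2000),
    _line("203.0.113.8", "GET", "/example/utilconfighome.CSP?" + "B" * 1500),
    _line("198.51.100.12", "POST", "/example/UtilConfigHome.csp?arg=" + "A" * 2000),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because patch status is unknown, a length-based check like this is more dependable than version matching; set the limit from the longest legitimate query your deployment actually sends to this page.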
No detection rules found.
No writeups or analysis indexed.
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/intersystems_cache.rb
- https://www.exploit-db.com/exploits/16807
- https://www.intersystems.com/products/cache/
- https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.APP:INTERSYSTEMS-CACHE-OF.html
- https://www.vulncheck.com/advisories/intersystems-cache-stack-buffer-overflow