Lucene search

[email protected]NVD:CVE-2009-0840

HistoryMar 31, 2009 - 6:24 p.m.

CVE-2009-0840

2009-03-3118:24:45

CWE-119

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

90.9%

JSON

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.

Affected configurations

NVD

Node

osgeomapserverMatch4.2.0beta1

osgeomapserverMatch4.4.0

osgeomapserverMatch4.4.0beta1

osgeomapserverMatch4.4.0beta2

osgeomapserverMatch4.4.0beta3

osgeomapserverMatch4.6.0

osgeomapserverMatch4.6.0beta1

osgeomapserverMatch4.6.0beta2

osgeomapserverMatch4.6.0beta3

osgeomapserverMatch4.6.0rc1

osgeomapserverMatch4.8.0beta1

osgeomapserverMatch4.8.0beta2

osgeomapserverMatch4.8.0beta3

osgeomapserverMatch4.8.0rc1

osgeomapserverMatch4.8.0rc2

osgeomapserverMatch4.10.0

osgeomapserverMatch4.10.0beta1

osgeomapserverMatch4.10.0beta2

osgeomapserverMatch4.10.0beta3

osgeomapserverMatch4.10.0rc1

osgeomapserverMatch4.10.1

osgeomapserverMatch4.10.2

osgeomapserverMatch4.10.3

osgeomapserverMatch5.0.0

osgeomapserverMatch5.0.0beta1

osgeomapserverMatch5.0.0beta2

osgeomapserverMatch5.0.0beta3

osgeomapserverMatch5.0.0beta4

osgeomapserverMatch5.0.0beta5

osgeomapserverMatch5.0.0beta6

osgeomapserverMatch5.0.0rc1

osgeomapserverMatch5.0.0rc2

osgeomapserverMatch5.2.0

osgeomapserverMatch5.2.0beta1

osgeomapserverMatch5.2.0beta2

osgeomapserverMatch5.2.0beta3

osgeomapserverMatch5.2.0beta4

osgeomapserverMatch5.2.0rc1

osgeomapserverMatch5.2.1

umnmapserverMatch4.0

umnmapserverMatch4.0beta1

umnmapserverMatch4.0beta2

References

lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html

secunia.com/advisories/34520

secunia.com/advisories/34603

trac.osgeo.org/mapserver/ticket/2943

www.debian.org/security/2009/dsa-1914

www.positronsecurity.com/advisories/2009-000.html

www.securityfocus.com/archive/1/502271/100/0/threaded

www.securityfocus.com/bid/34306

www.securitytracker.com/id?1021952

exchange.xforce.ibmcloud.com/vulnerabilities/49545

www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html

www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

90.9%

JSON

Related for NVD:CVE-2009-0840

ubuntucve2 cvelist2 debiancve2 prion2 nessus7 cve2 redhatcve8 nvd1 openvas12 securityvulns4 debian1 osv1 fedora4 seebug1