Lucene search

[email protected]NVD:CVE-2009-0841

HistoryMar 31, 2009 - 6:24 p.m.

CVE-2009-0841

2009-03-3118:24:45

CWE-22

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.2%

JSON

Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a … (dot dot) in the id parameter.

Affected configurations

NVD

Node

osgeomapserverMatch4.2.0beta1

osgeomapserverMatch4.4.0

osgeomapserverMatch4.4.0beta1

osgeomapserverMatch4.4.0beta2

osgeomapserverMatch4.4.0beta3

osgeomapserverMatch4.6.0

osgeomapserverMatch4.6.0beta1

osgeomapserverMatch4.6.0beta2

osgeomapserverMatch4.6.0beta3

osgeomapserverMatch4.6.0rc1

osgeomapserverMatch4.8.0beta1

osgeomapserverMatch4.8.0beta2

osgeomapserverMatch4.8.0beta3

osgeomapserverMatch4.8.0rc1

osgeomapserverMatch4.8.0rc2

osgeomapserverMatch4.10.0

osgeomapserverMatch4.10.0beta1

osgeomapserverMatch4.10.0beta2

osgeomapserverMatch4.10.0beta3

osgeomapserverMatch4.10.0rc1

osgeomapserverMatch4.10.1

osgeomapserverMatch4.10.2

osgeomapserverMatch4.10.3

osgeomapserverMatch5.0.0

osgeomapserverMatch5.0.0beta1

osgeomapserverMatch5.0.0beta2

osgeomapserverMatch5.0.0beta3

osgeomapserverMatch5.0.0beta4

osgeomapserverMatch5.0.0beta5

osgeomapserverMatch5.0.0beta6

osgeomapserverMatch5.0.0rc1

osgeomapserverMatch5.0.0rc2

osgeomapserverMatch5.2.0

osgeomapserverMatch5.2.0beta1

osgeomapserverMatch5.2.0beta2

osgeomapserverMatch5.2.0beta3

osgeomapserverMatch5.2.0beta4

osgeomapserverMatch5.2.0rc1

osgeomapserverMatch5.2.1

umnmapserverMatch4.0

umnmapserverMatch4.0beta1

umnmapserverMatch4.0beta2

References

lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html

secunia.com/advisories/34520

secunia.com/advisories/34603

trac.osgeo.org/mapserver/ticket/2942

www.debian.org/security/2009/dsa-1914

www.positronsecurity.com/advisories/2009-000.html

www.securityfocus.com/archive/1/502271/100/0/threaded

www.securityfocus.com/bid/34306

www.securitytracker.com/id?1021952

exchange.xforce.ibmcloud.com/vulnerabilities/49548

www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html

www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.2%

JSON

Related for NVD:CVE-2009-0841

debiancve1 ubuntucve1 prion1 cvelist1 cve1 securityvulns4 nessus4 osv1 debian1 openvas11 fedora4 seebug1 redhatcve7