Lucene search

[email protected]NVD:CVE-2009-0842

HistoryMar 31, 2009 - 6:24 p.m.

CVE-2009-0842

2009-03-3118:24:45

CWE-200

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.4%

JSON

mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.

Affected configurations

NVD

Node

osgeomapserverMatch4.2.0beta1

osgeomapserverMatch4.4.0

osgeomapserverMatch4.4.0beta1

osgeomapserverMatch4.4.0beta2

osgeomapserverMatch4.4.0beta3

osgeomapserverMatch4.6.0

osgeomapserverMatch4.6.0beta1

osgeomapserverMatch4.6.0beta2

osgeomapserverMatch4.6.0beta3

osgeomapserverMatch4.6.0rc1

osgeomapserverMatch4.8.0beta1

osgeomapserverMatch4.8.0beta2

osgeomapserverMatch4.8.0beta3

osgeomapserverMatch4.8.0rc1

osgeomapserverMatch4.8.0rc2

osgeomapserverMatch4.10.0

osgeomapserverMatch4.10.0beta1

osgeomapserverMatch4.10.0beta2

osgeomapserverMatch4.10.0beta3

osgeomapserverMatch4.10.0rc1

osgeomapserverMatch4.10.1

osgeomapserverMatch4.10.2

osgeomapserverMatch4.10.3

osgeomapserverMatch5.0.0

osgeomapserverMatch5.0.0beta1

osgeomapserverMatch5.0.0beta2

osgeomapserverMatch5.0.0beta3

osgeomapserverMatch5.0.0beta4

osgeomapserverMatch5.0.0beta5

osgeomapserverMatch5.0.0beta6

osgeomapserverMatch5.0.0rc1

osgeomapserverMatch5.0.0rc2

osgeomapserverMatch5.2.0

osgeomapserverMatch5.2.0beta1

osgeomapserverMatch5.2.0beta2

osgeomapserverMatch5.2.0beta3

osgeomapserverMatch5.2.0beta4

osgeomapserverMatch5.2.0rc1

osgeomapserverMatch5.2.1

umnmapserverMatch4.0

umnmapserverMatch4.0beta1

umnmapserverMatch4.0beta2

References

lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html

secunia.com/advisories/34520

secunia.com/advisories/34603

trac.osgeo.org/mapserver/ticket/2941

www.debian.org/security/2009/dsa-1914

www.positronsecurity.com/advisories/2009-000.html

www.securityfocus.com/archive/1/502271/100/0/threaded

www.securityfocus.com/bid/34306

www.securitytracker.com/id?1021952

www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html

www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.4%

JSON

Related for NVD:CVE-2009-0842

cvelist1 prion1 cve1 ubuntucve1 debiancve1 securityvulns4 nessus4 openvas11 osv1 debian1 redhatcve7 fedora4 seebug1