CVE-2009-0841

high

Description

Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.

References

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/49548

http://www.securitytracker.com/id?1021952

http://www.securityfocus.com/bid/34306

http://www.securityfocus.com/archive/1/502271/100/0/threaded

http://www.debian.org/security/2009/dsa-1914

http://trac.osgeo.org/mapserver/ticket/2942

http://secunia.com/advisories/34603

http://secunia.com/advisories/34520

http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html

Details

Source: Mitre, NVD

Published: 2009-03-31

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

Detections

Analytics