CyberSec.Space Logo
Back to CVE Browser

CVE-2009-0841

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1670%
EPSS Percentile10.92th
PublishedMar 31, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.

Affected Platforms (CPE)

πŸ“¦
Osgeo

Mapserver

= 4.2.0
πŸ“¦
Osgeo

Mapserver

= 4.4.0
πŸ“¦
Osgeo

Mapserver

= 4.4.0
πŸ“¦
Osgeo

Mapserver

= 4.4.0
πŸ“¦
Osgeo

Mapserver

= 4.4.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.1
πŸ“¦
Osgeo

Mapserver

= 4.10.2
πŸ“¦
Osgeo

Mapserver

= 4.10.3
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.1
πŸ“¦
Umn

Mapserver

= 4.0
πŸ“¦
Umn

Mapserver

= 4.0
πŸ“¦
Umn

Mapserver

= 4.0

References & Advisories

πŸ”— http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html
πŸ”— http://secunia.com/advisories/34520
πŸ”— http://secunia.com/advisories/34603
πŸ”— http://trac.osgeo.org/mapserver/ticket/2942
πŸ”— http://www.debian.org/security/2009/dsa-1914
πŸ”— http://www.positronsecurity.com/advisories/2009-000.html
πŸ”— http://www.securityfocus.com/archive/1/502271/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/34306

Related Vulnerabilities

CVE-2009-117610.0

mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ...

CVE-2009-084010.0

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2...

CVE-2009-083910.0

Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map...

CVE-2009-117710.0

Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown...