CyberSec.Space Logo
返回 CVE 浏览器

CVE-2009-0841

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1670%
EPSS Percentile10.92th
Published2009年3月31日
Last Modified2026年4月23日

Vulnerability Description

Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.

Affected Platforms (CPE)

📦
Osgeo

Mapserver

= 4.2.0
📦
Osgeo

Mapserver

= 4.4.0
📦
Osgeo

Mapserver

= 4.4.0
📦
Osgeo

Mapserver

= 4.4.0
📦
Osgeo

Mapserver

= 4.4.0
📦
Osgeo

Mapserver

= 4.6.0
📦
Osgeo

Mapserver

= 4.6.0
📦
Osgeo

Mapserver

= 4.6.0
📦
Osgeo

Mapserver

= 4.6.0
📦
Osgeo

Mapserver

= 4.6.0
📦
Osgeo

Mapserver

= 4.8.0
📦
Osgeo

Mapserver

= 4.8.0
📦
Osgeo

Mapserver

= 4.8.0
📦
Osgeo

Mapserver

= 4.8.0
📦
Osgeo

Mapserver

= 4.8.0
📦
Osgeo

Mapserver

= 4.10.0
📦
Osgeo

Mapserver

= 4.10.0
📦
Osgeo

Mapserver

= 4.10.0
📦
Osgeo

Mapserver

= 4.10.0
📦
Osgeo

Mapserver

= 4.10.0
📦
Osgeo

Mapserver

= 4.10.1
📦
Osgeo

Mapserver

= 4.10.2
📦
Osgeo

Mapserver

= 4.10.3
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.0.0
📦
Osgeo

Mapserver

= 5.2.0
📦
Osgeo

Mapserver

= 5.2.0
📦
Osgeo

Mapserver

= 5.2.0
📦
Osgeo

Mapserver

= 5.2.0
📦
Osgeo

Mapserver

= 5.2.0
📦
Osgeo

Mapserver

= 5.2.0
📦
Osgeo

Mapserver

= 5.2.1
📦
Umn

Mapserver

= 4.0
📦
Umn

Mapserver

= 4.0
📦
Umn

Mapserver

= 4.0

References & Advisories

🔗 http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html
🔗 http://secunia.com/advisories/34520
🔗 http://secunia.com/advisories/34603
🔗 http://trac.osgeo.org/mapserver/ticket/2942
🔗 http://www.debian.org/security/2009/dsa-1914
🔗 http://www.positronsecurity.com/advisories/2009-000.html
🔗 http://www.securityfocus.com/archive/1/502271/100/0/threaded
🔗 http://www.securityfocus.com/bid/34306

相关漏洞威胁

CVE-2009-117610.0

mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ...

CVE-2009-084010.0

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2...

CVE-2009-083910.0

Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map...

CVE-2009-117710.0

Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown...