CVE-2009-0841

Sažetak

Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.

Reference

http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html
http://trac.osgeo.org/mapserver/ticket/2942
http://www.positronsecurity.com/advisories/2009-000.html
http://www.securityfocus.com/bid/34306
http://www.securitytracker.com/id?1021952
http://secunia.com/advisories/34520
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html
http://secunia.com/advisories/34603
http://www.debian.org/security/2009/dsa-1914
https://exchange.xforce.ibmcloud.com/vulnerabilities/49548
http://www.securityfocus.com/archive/1/502271/100/0/threaded

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-06-2021 - 15:56

Objavljeno

31-03-2009 - 18:24