Lucene search

K

MitreCVELIST:CVE-2009-0843

HistoryMar 31, 2009 - 6:00 p.m.

CVE-2009-0843

2009-03-3118:00:00

mitre

www.cve.org

2

AI Score

6.3

Confidence

Low

EPSS

0.006

Percentile

79.3%

The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists.

References

lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html

secunia.com/advisories/34520

secunia.com/advisories/34603

trac.osgeo.org/mapserver/ticket/2939

www.debian.org/security/2009/dsa-1914

www.positronsecurity.com/advisories/2009-000.html

www.securityfocus.com/archive/1/502271/100/0/threaded

www.securityfocus.com/bid/34306

www.securitytracker.com/id?1021952

www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html

www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html

AI Score

6.3

Confidence

Low

EPSS

0.006

Percentile

79.3%

Related for CVELIST:CVE-2009-0843

nvd1 cve1 ubuntucve1 prion1 debiancve1 securityvulns4 osv1 openvas11 nessus4 debian1 fedora4 redhatcve7 seebug1