Lucene search

[email protected]NVD:CVE-2009-0840

HistoryMar 31, 2009 - 6:24 p.m.

CVE-2009-0840

2009-03-3118:24:45

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.03

Percentile

90.9%

JSON

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.

Affected configurations

Nvd

Node

osgeomapserverMatch4.2.0beta1

osgeomapserverMatch4.4.0

osgeomapserverMatch4.4.0beta1

osgeomapserverMatch4.4.0beta2

osgeomapserverMatch4.4.0beta3

osgeomapserverMatch4.6.0

osgeomapserverMatch4.6.0beta1

osgeomapserverMatch4.6.0beta2

osgeomapserverMatch4.6.0beta3

osgeomapserverMatch4.6.0rc1

osgeomapserverMatch4.8.0beta1

osgeomapserverMatch4.8.0beta2

osgeomapserverMatch4.8.0beta3

osgeomapserverMatch4.8.0rc1

osgeomapserverMatch4.8.0rc2

osgeomapserverMatch4.10.0

osgeomapserverMatch4.10.0beta1

osgeomapserverMatch4.10.0beta2

osgeomapserverMatch4.10.0beta3

osgeomapserverMatch4.10.0rc1

osgeomapserverMatch4.10.1

osgeomapserverMatch4.10.2

osgeomapserverMatch4.10.3

osgeomapserverMatch5.0.0

osgeomapserverMatch5.0.0beta1

osgeomapserverMatch5.0.0beta2

osgeomapserverMatch5.0.0beta3

osgeomapserverMatch5.0.0beta4

osgeomapserverMatch5.0.0beta5

osgeomapserverMatch5.0.0beta6

osgeomapserverMatch5.0.0rc1

osgeomapserverMatch5.0.0rc2

osgeomapserverMatch5.2.0

osgeomapserverMatch5.2.0beta1

osgeomapserverMatch5.2.0beta2

osgeomapserverMatch5.2.0beta3

osgeomapserverMatch5.2.0beta4

osgeomapserverMatch5.2.0rc1

osgeomapserverMatch5.2.1

umnmapserverMatch4.0

umnmapserverMatch4.0beta1

umnmapserverMatch4.0beta2

VendorProductVersionCPE
osgeomapserver4.2.0cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*
osgeomapserver4.4.0cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*
osgeomapserver4.4.0cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*
osgeomapserver4.4.0cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*
osgeomapserver4.4.0cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*
osgeomapserver4.6.0cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*
osgeomapserver4.6.0cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*
osgeomapserver4.6.0cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*
osgeomapserver4.6.0cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*
osgeomapserver4.6.0cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*

Vendor	Product	Version	CPE
osgeo	mapserver	4.2.0	cpe:2.3:a:osgeo:mapserver:4.2.0:beta1::::::
osgeo	mapserver	4.4.0	cpe:2.3:a:osgeo:mapserver:4.4.0:::::::*
osgeo	mapserver	4.4.0	cpe:2.3:a:osgeo:mapserver:4.4.0:beta1::::::
osgeo	mapserver	4.4.0	cpe:2.3:a:osgeo:mapserver:4.4.0:beta2::::::
osgeo	mapserver	4.4.0	cpe:2.3:a:osgeo:mapserver:4.4.0:beta3::::::
osgeo	mapserver	4.6.0	cpe:2.3:a:osgeo:mapserver:4.6.0:::::::*
osgeo	mapserver	4.6.0	cpe:2.3:a:osgeo:mapserver:4.6.0:beta1::::::
osgeo	mapserver	4.6.0	cpe:2.3:a:osgeo:mapserver:4.6.0:beta2::::::
osgeo	mapserver	4.6.0	cpe:2.3:a:osgeo:mapserver:4.6.0:beta3::::::
osgeo	mapserver	4.6.0	cpe:2.3:a:osgeo:mapserver:4.6.0:rc1::::::