CVE-2009-0843
Last modified
CVE-2009-0843 is a vulnerability of currently unknown severity. The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists.. EPSS estimates a 3.13% chance of exploitation in the next 30 days.
Description
The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Osgeo | Mapserver | 4.2.0 | Beta1 |
| Osgeo | Mapserver | 4.4.0 | — |
| Osgeo | Mapserver | 4.6.0 | — |
| Osgeo | Mapserver | 4.8.0 | Beta1 |
| Osgeo | Mapserver | 4.10.0 | — |
| Osgeo | Mapserver | 4.10.1 | — |
| Osgeo | Mapserver | 4.10.2 | — |
| Osgeo | Mapserver | 4.10.3 | — |
| Osgeo | Mapserver | 5.0.0 | — |
| Osgeo | Mapserver | 5.2.0 | — |
| Osgeo | Mapserver | 5.2.1 | — |
| Umn | Mapserver | 4.0 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-0843?
How severe is CVE-2009-0843?
How do I fix CVE-2009-0843?
Are you affected by CVE-2009-0843?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST