Vulnerability Details : CVE-2009-0840
Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.
Vulnerability category: Overflow
Products affected by CVE-2009-0840
- cpe:2.3:a:umn:mapserver:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:umn:mapserver:4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-0840
2.97%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-0840
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2009-0840
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-0840
-
http://www.securityfocus.com/bid/34306
-
http://trac.osgeo.org/mapserver/ticket/2943
#2943 (Setting CONTENT_LENGTH of -1 for a POST request can lead to a buffer underflow error.) – MapServerVendor Advisory
-
http://www.securitytracker.com/id?1021952
Access Denied
-
http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html
[mapserver-users] MapServer 5.2.2 and 4.10.4 released with security fixesPatch
-
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html
[SECURITY] Fedora 9 Update: mapserver-5.2.2-1.fc9
-
http://www.debian.org/security/2009/dsa-1914
[SECURITY] [DSA 1914-1] New mapserver packages fix serveral vulnerabilities
-
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html
[SECURITY] Fedora 10 Update: mapserver-5.2.2-1.fc10
-
http://www.securityfocus.com/archive/1/502271/100/0/threaded
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/49545
MapServer mapserv CGI Content-Length buffer overflow CVE-2009-0840 Vulnerability Report
-
http://www.positronsecurity.com/advisories/2009-000.html
Positron Security LLC: Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3Exploit
Jump to