CVE-2009-0842
Severity Score
7.5
*CVSS v3
Exploit Likelihood
< 1%
*EPSS
Affected Versions
42
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.
mapserv en MapServer 4.x versiones anteriores a v4.10.4 y 5.x versiones anteriores a v5.2.2 permite a atacantes remotos leer ficheros .map inválidos de su elección a través de una ruta completa en el parámetro "map", lo cual dispara la pantalla del contenido de un fichero parcial dentro de un mensaje de error, como lo demostrado por un symlink /tmp/sekrut.map.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-03-06 CVE Reserved
- 2009-03-31 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (11)
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2009/dsa-1914 | 2021-06-07 | |
| https://www.redhat.com/archives/fedora-package-announce/2009-Apri... | 2021-06-07 | |
| https://www.redhat.com/archives/fedora-package-announce/2009-Apri... | 2021-06-07 |
1 - 3 of 3