cbcvebase.
CVE-2009-0841
published 2009-03-31

CVE-2009-0841: Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows…

PriorityP346critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.28%
91.5th percentile
Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.

Affected

17 ranges
VendorProductVersion rangeFixed in
debianmapserver< mapserver 5.2.2-1 (bookworm)mapserver 5.2.2-1 (bookworm)
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver
osgeomapserver>= 0 < 5.2.2-15.2.2-1
osgeomapserver>= 0 < 5.2.2-15.2.2-1
osgeomapserver>= 0 < 5.2.2-15.2.2-1
osgeomapserver>= 0 < 5.2.2-15.2.2-1
umnmapserver

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0CRITICAL
vendor_redhat10.0CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.