CVE-2009-0841

N/A Unknown

Published: March 31, 2009 Modified: April 23, 2026

Description

Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html

Source: cve@mitre.org

Patch

http://secunia.com/advisories/34520

Source: cve@mitre.org

http://secunia.com/advisories/34603

Source: cve@mitre.org

http://trac.osgeo.org/mapserver/ticket/2942

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2009/dsa-1914

Source: cve@mitre.org

http://www.positronsecurity.com/advisories/2009-000.html

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/502271/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/34306

Source: cve@mitre.org

http://www.securitytracker.com/id?1021952

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/49548

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html

Source: cve@mitre.org

http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html