First published: Tue Mar 31 2009(Updated: )
Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Umn Mapserver | =4.0 | |
Umn Mapserver | =4.0-beta1 | |
Umn Mapserver | =4.0-beta2 | |
Osgeo Mapserver | =4.2.0-beta1 | |
Osgeo Mapserver | =4.4.0-beta1 | |
Osgeo Mapserver | =4.4.0-beta2 | |
Osgeo Mapserver | =4.6.0-beta1 | |
Osgeo Mapserver | =4.6.0-beta2 | |
Osgeo Mapserver | =4.6.0-beta3 | |
Osgeo Mapserver | =4.8.0-beta2 | |
Osgeo Mapserver | =4.8.0-beta1 | |
Osgeo Mapserver | =4.8.0-beta3 | |
Osgeo Mapserver | =4.8.0-rc2 | |
Osgeo Mapserver | =4.8.0-rc1 | |
Osgeo Mapserver | =4.10.0 | |
Osgeo Mapserver | =4.10.0-beta1 | |
Osgeo Mapserver | =4.10.0-rc1 | |
Osgeo Mapserver | =4.10.0-beta3 | |
Osgeo Mapserver | =4.10.0-beta2 | |
Osgeo Mapserver | =4.10.2 | |
Osgeo Mapserver | =4.10.1 | |
Osgeo Mapserver | =4.10.3 | |
Osgeo Mapserver | =5.0.0-beta5 | |
Osgeo Mapserver | =5.0.0-beta6 | |
Osgeo Mapserver | =5.0.0-beta3 | |
Osgeo Mapserver | =5.0.0-beta4 | |
Osgeo Mapserver | =5.0.0-beta1 | |
Osgeo Mapserver | =5.0.0-beta2 | |
Osgeo Mapserver | =5.0.0-rc1 | |
Osgeo Mapserver | =5.2.0 | |
Osgeo Mapserver | =5.2.0-beta2 | |
Osgeo Mapserver | =5.2.0-beta1 | |
Osgeo Mapserver | =5.2.0-beta3 | |
Osgeo Mapserver | =5.2.0-beta4 | |
Osgeo Mapserver | =5.2.0-rc1 | |
Osgeo Mapserver | =5.2.1 | |
Osgeo Mapserver | =4.6.0 | |
Osgeo Mapserver | =4.6.0-rc1 | |
Osgeo Mapserver | =5.0.0-rc2 | |
Osgeo Mapserver | =5.0.0 | |
Osgeo Mapserver | =4.4.0 | |
Osgeo Mapserver | =4.4.0-beta3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.