What is the severity of CVE-2009-0842?

CVE-2009-0842 has been classified with a medium severity rating due to its potential for information disclosure.

How do I fix CVE-2009-0842?

To fix CVE-2009-0842, upgrade your MapServer installation to version 4.10.4 or later, or 5.2.2 or later.

What versions of MapServer are affected by CVE-2009-0842?

CVE-2009-0842 affects MapServer versions 4.x before 4.10.4 and 5.x before 5.2.2.

Can CVE-2009-0842 lead to data breaches?

Yes, CVE-2009-0842 can allow remote attackers to read arbitrary file contents, potentially leading to data breaches.

Is there a workaround for CVE-2009-0842 if I can't upgrade?

A workaround for CVE-2009-0842 is to restrict user access to the application and monitor logs for any unauthorized attempts.

Vulnerability/
CVE-2009-0842

medium

4.3

CWE

200

31/3/2009

7/6/2021

CVE-2009-0842: Infoleak

First published: Tue Mar 31 2009(Updated: )

mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
MapServer	=4.0
MapServer	=4.0-beta1
MapServer	=4.0-beta2
MapServer	=4.2.0-beta1
MapServer	=4.4.0-beta1
MapServer	=4.4.0-beta2
MapServer	=4.6.0-beta1
MapServer	=4.6.0-beta2
MapServer	=4.6.0-beta3
MapServer	=4.8.0-beta2
MapServer	=4.8.0-beta1
MapServer	=4.8.0-beta3
MapServer	=4.8.0-rc2
MapServer	=4.8.0-rc1
MapServer	=4.10.0
MapServer	=4.10.0-beta1
MapServer	=4.10.0-rc1
MapServer	=4.10.0-beta3
MapServer	=4.10.0-beta2
MapServer	=4.10.2
MapServer	=4.10.1
MapServer	=4.10.3
MapServer	=5.0.0-beta5
MapServer	=5.0.0-beta6
MapServer	=5.0.0-beta3
MapServer	=5.0.0-beta4
MapServer	=5.0.0-beta1
MapServer	=5.0.0-beta2
MapServer	=5.0.0-rc1
MapServer	=5.2.0
MapServer	=5.2.0-beta2
MapServer	=5.2.0-beta1
MapServer	=5.2.0-beta3
MapServer	=5.2.0-beta4
MapServer	=5.2.0-rc1
MapServer	=5.2.1
MapServer	=4.6.0
MapServer	=4.6.0-rc1
MapServer	=5.0.0-rc2
MapServer	=5.0.0
MapServer	=4.4.0
MapServer	=4.4.0-beta3

Remedy

http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0842?
CVE-2009-0842 has been classified with a medium severity rating due to its potential for information disclosure.
How do I fix CVE-2009-0842?
To fix CVE-2009-0842, upgrade your MapServer installation to version 4.10.4 or later, or 5.2.2 or later.
What versions of MapServer are affected by CVE-2009-0842?
CVE-2009-0842 affects MapServer versions 4.x before 4.10.4 and 5.x before 5.2.2.
Can CVE-2009-0842 lead to data breaches?
Yes, CVE-2009-0842 can allow remote attackers to read arbitrary file contents, potentially leading to data breaches.
Is there a workaround for CVE-2009-0842 if I can't upgrade?
A workaround for CVE-2009-0842 is to restrict user access to the application and monitor logs for any unauthorized attempts.

agent/type
agent/last-modified-date
agent/first-publish-date
agent/severity
agent/remedy
agent/author
agent/references
agent/weakness
agent/tags
agent/description
agent/softwarecombine
agent/event
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/umn
canonical/mapserver
version/mapserver/4.0
version/mapserver/4.0-beta1
version/mapserver/4.0-beta2
vendor/osgeo
version/mapserver/4.2.0-beta1
version/mapserver/4.4.0-beta1
version/mapserver/4.4.0-beta2
version/mapserver/4.6.0-beta1
version/mapserver/4.6.0-beta2
version/mapserver/4.6.0-beta3
version/mapserver/4.8.0-beta2
version/mapserver/4.8.0-beta1
version/mapserver/4.8.0-beta3
version/mapserver/4.8.0-rc2
version/mapserver/4.8.0-rc1
version/mapserver/4.10.0
version/mapserver/4.10.0-beta1
version/mapserver/4.10.0-rc1
version/mapserver/4.10.0-beta3
version/mapserver/4.10.0-beta2
version/mapserver/4.10.2
version/mapserver/4.10.1
version/mapserver/4.10.3
version/mapserver/5.0.0-beta5
version/mapserver/5.0.0-beta6
version/mapserver/5.0.0-beta3
version/mapserver/5.0.0-beta4
version/mapserver/5.0.0-beta1
version/mapserver/5.0.0-beta2
version/mapserver/5.0.0-rc1
version/mapserver/5.2.0
version/mapserver/5.2.0-beta2
version/mapserver/5.2.0-beta1
version/mapserver/5.2.0-beta3
version/mapserver/5.2.0-beta4
version/mapserver/5.2.0-rc1
version/mapserver/5.2.1
version/mapserver/4.6.0
version/mapserver/4.6.0-rc1
version/mapserver/5.0.0-rc2
version/mapserver/5.0.0
version/mapserver/4.4.0
version/mapserver/4.4.0-beta3