What is the severity of CVE-2009-2281?

CVE-2009-2281 has a severity rating that suggests it can allow remote attackers to execute arbitrary code, indicating a critical risk.

How do I fix CVE-2009-2281?

To fix CVE-2009-2281, upgrade to MapServer version 5.4.2 or later, as these versions have addressed the vulnerability.

What software is affected by CVE-2009-2281?

CVE-2009-2281 affects MapServer versions from 4.0 up to 4.10.4 and also includes certain 5.x versions prior to 5.4.2.

Can CVE-2009-2281 be exploited remotely?

Yes, CVE-2009-2281 can be exploited remotely by attackers using manipulated Content-Length HTTP headers or oversized HTTP requests.

What type of vulnerability is CVE-2009-2281?

CVE-2009-2281 is classified as a heap-based buffer underflow vulnerability.

Vulnerability/
CVE-2009-2281

critical

CWE

119 190

23/10/2009

16/9/2024

CVE-2009-2281: Buffer Overflow

First published: Fri Oct 23 2009(Updated: )

Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
MapServer	=4.0
MapServer	=4.0-beta1
MapServer	=4.0-beta2
MapServer	=4.2.0-beta1
MapServer	=4.4.0-beta1
MapServer	=4.4.0-beta2
MapServer	=4.6.0-beta1
MapServer	=4.6.0-beta2
MapServer	=4.6.0-beta3
MapServer	=4.8.0-beta2
MapServer	=4.8.0-beta1
MapServer	=4.8.0-beta3
MapServer	=4.8.0-rc2
MapServer	=4.8.0-rc1
MapServer	=4.10.0
MapServer	=4.10.0-beta1
MapServer	=4.10.0-rc1
MapServer	=4.10.0-beta3
MapServer	=4.10.0-beta2
MapServer	=4.10.4
MapServer	=4.10.2
MapServer	=4.10.1
MapServer	=4.10.3
MapServer	=5.0.0-beta5
MapServer	=5.0.0-beta6
MapServer	=5.0.0-beta3
MapServer	=5.0.0-beta4
MapServer	=5.0.0-beta1
MapServer	=5.0.0-beta2
MapServer	=5.0.0-rc1
MapServer	=5.2.0
MapServer	=5.2.0-beta2
MapServer	=5.2.0-beta1
MapServer	=5.2.0-beta3
MapServer	=5.2.0-beta4
MapServer	=5.2.0-rc1
MapServer	=5.4.0
MapServer	=5.4.0-beta1
MapServer	=5.4.0-beta2
MapServer	=5.4.0-beta4
MapServer	=5.4.0-beta3
MapServer	=5.4.0-rc2
MapServer	=5.4.0-rc1
MapServer	=5.4.1
MapServer	=4.6.0
MapServer	=4.6.0-rc1
MapServer	=5.0.0-rc2
MapServer	=5.0.0
MapServer	=4.4.0
MapServer	=4.4.0-beta3

Remedy

http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch4.diff.gz

Remedy

http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny4.diff.gz

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-2281?
CVE-2009-2281 has a severity rating that suggests it can allow remote attackers to execute arbitrary code, indicating a critical risk.
How do I fix CVE-2009-2281?
To fix CVE-2009-2281, upgrade to MapServer version 5.4.2 or later, as these versions have addressed the vulnerability.
What software is affected by CVE-2009-2281?
CVE-2009-2281 affects MapServer versions from 4.0 up to 4.10.4 and also includes certain 5.x versions prior to 5.4.2.
Can CVE-2009-2281 be exploited remotely?
Yes, CVE-2009-2281 can be exploited remotely by attackers using manipulated Content-Length HTTP headers or oversized HTTP requests.
What type of vulnerability is CVE-2009-2281?
CVE-2009-2281 is classified as a heap-based buffer underflow vulnerability.

agent/type
agent/remedy
agent/author
agent/references
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/weakness
agent/tags
agent/softwarecombine
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/umn
canonical/mapserver
version/mapserver/4.0
version/mapserver/4.0-beta1
version/mapserver/4.0-beta2
vendor/osgeo
version/mapserver/4.2.0-beta1
version/mapserver/4.4.0-beta1
version/mapserver/4.4.0-beta2
version/mapserver/4.6.0-beta1
version/mapserver/4.6.0-beta2
version/mapserver/4.6.0-beta3
version/mapserver/4.8.0-beta2
version/mapserver/4.8.0-beta1
version/mapserver/4.8.0-beta3
version/mapserver/4.8.0-rc2
version/mapserver/4.8.0-rc1
version/mapserver/4.10.0
version/mapserver/4.10.0-beta1
version/mapserver/4.10.0-rc1
version/mapserver/4.10.0-beta3
version/mapserver/4.10.0-beta2
version/mapserver/4.10.4
version/mapserver/4.10.2
version/mapserver/4.10.1
version/mapserver/4.10.3
version/mapserver/5.0.0-beta5
version/mapserver/5.0.0-beta6
version/mapserver/5.0.0-beta3
version/mapserver/5.0.0-beta4
version/mapserver/5.0.0-beta1
version/mapserver/5.0.0-beta2
version/mapserver/5.0.0-rc1
version/mapserver/5.2.0
version/mapserver/5.2.0-beta2
version/mapserver/5.2.0-beta1
version/mapserver/5.2.0-beta3
version/mapserver/5.2.0-beta4
version/mapserver/5.2.0-rc1
version/mapserver/5.4.0
version/mapserver/5.4.0-beta1
version/mapserver/5.4.0-beta2
version/mapserver/5.4.0-beta4
version/mapserver/5.4.0-beta3
version/mapserver/5.4.0-rc2
version/mapserver/5.4.0-rc1
version/mapserver/5.4.1
version/mapserver/4.6.0
version/mapserver/4.6.0-rc1
version/mapserver/5.0.0-rc2
version/mapserver/5.0.0
version/mapserver/4.4.0
version/mapserver/4.4.0-beta3

CVE-2009-2281: Buffer Overflow

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-2281?

How do I fix CVE-2009-2281?

What software is affected by CVE-2009-2281?

Can CVE-2009-2281 be exploited remotely?

What type of vulnerability is CVE-2009-2281?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2009-2281?

How do I fix CVE-2009-2281?

What software is affected by CVE-2009-2281?

Can CVE-2009-2281 be exploited remotely?

What type of vulnerability is CVE-2009-2281?