PT-2009-2694 · Geoserver · Geoserver

Published 2009-09-14 · Updated 2022-05-17 · CVE-2008-7227

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

GeoServer versions prior to 1.6.1
GeoServer versions prior to 1.7.0-beta1

Description

The issue is related to the PartialBufferOutputStream2 in GeoServer, which attempts to flush buffer contents even when handling an "in memory buffer." This prevents the reporting of a service exception. The impact and attack vectors of this issue are unknown. However, it has been noted that the effects of the bug would only give the caller an incomplete view of data which they would be authorized to see.

Recommendations

For GeoServer versions prior to 1.6.1, update to version 1.6.1 or later.
For GeoServer versions prior to 1.7.0-beta1, update to version 1.7.0-beta1 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2008-7227
GHSA-8HMH-MHQV-7638

Affected Products

Geoserver