CVE-2008-7227

PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://jira.codehaus.org/browse/GEOS-1747
http://osvdb.org/43266

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:geoserver:geoserver::beta4::::::*
	cpe:2.3:a:geoserver:geoserver:1.3.0:::::::*
	cpe:2.3:a:geoserver:geoserver:1.3.0:beta::::::
	cpe:2.3:a:geoserver:geoserver:1.3.0:pr1::::::
	cpe:2.3:a:geoserver:geoserver:1.3.0:rc2::::::
	cpe:2.3:a:geoserver:geoserver:1.3.0:rc4::::::
	cpe:2.3:a:geoserver:geoserver:1.3.0:rc6::::::
	cpe:2.3:a:geoserver:geoserver:1.3.0:rc7::::::
	cpe:2.3:a:geoserver:geoserver:1.3.2:::::::*
	cpe:2.3:a:geoserver:geoserver:1.4.0:m0::::::
	cpe:2.3:a:geoserver:geoserver:1.4.0:m1::::::
	cpe:2.3:a:geoserver:geoserver:1.5.0:beta2::::::
	cpe:2.3:a:geoserver:geoserver:1.5.0:rc3::::::
	cpe:2.3:a:geoserver:geoserver:1.5.0:rc4::::::
	cpe:2.3:a:geoserver:geoserver:1.5.1:::::::*
	cpe:2.3:a:geoserver:geoserver:1.5.1:rc1::::::
	cpe:2.3:a:geoserver:geoserver:1.5.2:::::::*
	cpe:2.3:a:geoserver:geoserver:1.5.3:::::::*
	cpe:2.3:a:geoserver:geoserver:1.6.0:::::::*
	cpe:2.3:a:geoserver:geoserver:1.6.0:beta1::::::
	cpe:2.3:a:geoserver:geoserver:1.6.0:beta2::::::
	cpe:2.3:a:geoserver:geoserver:1.6.0:rc1::::::
	cpe:2.3:a:geoserver:geoserver:1.6.0:rc2::::::
	cpe:2.3:a:geoserver:geoserver:1.6.0:rc3::::::
	cpe:2.3:a:geoserver:geoserver:1.7.0:beta1::::::
	cpe:2.3:a:geoserver:geoserver:3.0:beta3::::::

History

No history.

Information

Published : 2009-09-14 14:30

Updated : 2009-09-15 04:00

NVD link : CVE-2008-7227

Mitre link : CVE-2008-7227

CVE.ORG link : CVE-2008-7227

JSON object : View

Products Affected

geoserver

geoserver

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2008-7227", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-09-14T14:30:00.377", "references": [{"url": "http://jira.codehaus.org/browse/GEOS-1747", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/43266", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an \"in memory buffer,\" which prevents the reporting of a service exception, with unknown impact and attack vectors."}, {"lang": "es", "value": "PartialBufferOutputStream2 de GeoServer anterior a v1.6.1 y v1.7.0-beta1, intenta renovar los contenidos del b\u00fafer incluso cuando est\u00e1 trabajando un \"b\u00fafer en memoria\", esto evita que se muestren las excepciones en este servicio, lo que tiene un impacto y vectores de ataque desconocidos."}], "lastModified": "2009-09-15T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:geoserver:geoserver:*:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EEBA7FF-3004-41A1-A803-35B5A7175A49", "versionEndIncluding": "1.6.0"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE4C62CD-9AF7-4C6A-88AA-26829892A20E"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37EDEF23-FF7A-44B7-8A0E-232264C172FA"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:pr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B85C7FA5-F40A-4DAF-9F8D-58FC9F42DD23"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "033E86CF-49DF-4838-BA6C-E6087A5C72B2"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "620491F7-0AF2-4684-AA81-737B0D25B265"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2083302-AF38-4D99-8744-6A5A92A225DC"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.3.0:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DBDF056-06C2-4CB7-BA1F-FA8297B86458"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E12CDE69-20CE-4265-94D8-683ACD15C21E"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.4.0:m0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23DC2899-05E8-4E2A-8865-3F07A21E7E3A"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.4.0:m1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "306779D0-DB91-44F1-B96C-E8DBFBC42C36"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.5.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4D89DD7-D7A2-470E-98CC-7DE5BE014C6D"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.5.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A3B8CCC-CB10-4CC0-8A9F-1F3CDC506974"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.5.0:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ECC2970-8445-4CB6-B09C-8B890DDF6B71"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "468B27AB-5F0D-48C0-BA43-317271A507E8"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.5.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A36E07B7-67AA-466C-9CD8-F4199B01739A"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35D08540-9125-4E1E-9E2F-54A237A1CAB8"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90191A81-3A2D-4ED6-A69C-1E43C0133EEB"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5C7C32C-0086-4B67-827D-112A33A690BF"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.6.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBB59F80-4C47-4A80-A4A9-0AF125FD19F4"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.6.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA5AB47E-A6DD-4C58-9E4B-1C681C58F9DE"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.6.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "642BEFCD-778B-443C-8863-CAFEAF877781"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.6.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9099646-CA75-4431-AAB1-9DF1DE40E567"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.6.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82F7E2B5-D036-469E-AE40-636A2585CD0D"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:1.7.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EF678DB-679E-4DFF-B57F-5C51C3F0867E"}, {"criteria": "cpe:2.3:a:geoserver:geoserver:3.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44C2E5C2-536C-4E89-9A9E-D9016D369FF0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}