CVE-2008-7227

PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors.
Configurations

Configuration 1

cpe:2.3:a:geoserver:geoserver:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.5.0:rc4:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.3.0:rc6:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:*:beta4:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.3.0:pr1:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.4.0:m1:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.5.1:rc1:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.3.0:rc4:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.3.0:rc7:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.3.0:beta:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.7.0:beta1:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.5.0:rc3:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:3.0:beta3:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.4.0:m0:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:geoserver:geoserver:1.6.0:rc3:*:*:*:*:*:*

Information

Published : 2009-09-14 02:30

Updated : 2009-09-15 04:00


NVD link : CVE-2008-7227

Mitre link : CVE-2008-7227

Products Affected
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer