VYPR
← All advisories
Moderate severityNVD Advisory· Published Sep 14, 2009· Updated Apr 23, 2026

CVE-2008-7227

CVE-2008-7227

Description

PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.geoserver:gs-mainMaven
< 1.6.11.6.1
org.geoserver.web:gs-web-appMaven
< 1.6.11.6.1

Affected products

26
  • Geoserver/Geoserver26 versions
    cpe:2.3:a:geoserver:geoserver:1.3.0:*:*:*:*:*:*:*+ 25 more
    • cpe:2.3:a:geoserver:geoserver:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.3.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.3.0:pr1:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.3.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.3.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.3.0:rc6:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.3.0:rc7:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.4.0:m0:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.4.0:m1:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.5.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.5.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.5.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.5.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.6.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.6.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.6.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.6.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.6.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:1.7.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:3.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:geoserver:geoserver:*:beta4:*:*:*:*:*:*range: <=1.6.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.