57 vulnerabilities found for mapserver by osgeo
FKIE_CVE-2025-59431
Vulnerability from fkie_nvd - Published: 2025-09-19 20:15 - Updated: 2025-10-08 18:26
Severity ?
Summary
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL injection. It seems that expression checking is bypassed by introducing double quote characters in the PropertyName, allowing an attacker to manipulate backend database queries. This vulnerability is fixed in 8.4.1.
References
| Source | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:8.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FAB6F3E4-78D4-4E7B-A6B4-DE26A4EF8C9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipulate backend database queries. This vulnerability is fixed in 8.4.1."
}
],
"id": "CVE-2025-59431",
"lastModified": "2025-10-08T18:26:15.403",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-09-19T20:15:40.177",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-32062
Vulnerability from fkie_nvd - Published: 2021-05-06 13:15 - Updated: 2024-11-21 06:06
Severity ?
Summary
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91AFEB95-C85E-4C20-8A1A-1C0F54EEBF96",
"versionEndExcluding": "7.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1D5061F-90C3-4799-A4E6-0FB480B9327D",
"versionEndExcluding": "7.2.3",
"versionStartIncluding": "7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BDBC3C-D91A-46A1-9901-BC8143E2ABAC",
"versionEndExcluding": "7.4.5",
"versionStartIncluding": "7.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41AD3312-0BCC-4A1B-912F-2351A2CB497D",
"versionEndExcluding": "7.6.3",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI)."
},
{
"lang": "es",
"value": "MapServer versiones anteriores a 7.0.8, 7.1.xy versiones 7.2.x anteriores a 7.2.3, 7.3.xy versiones 7.4.x anteriores a 7.4.5, y 7.5.x y versiones 7.6.x anteriores a 7.6.3, no aplica apropiadamente las restricciones MS_MAP_NO_PATH y MS_MAP_PATTERN que son destinadas a controlar las ubicaciones desde las que un mapfile puede ser cargado (con MapServer CGI)"
}
],
"id": "CVE-2021-32062",
"lastModified": "2024-11-21T06:06:47.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-06T13:15:12.723",
"references": [
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNORAZCJ7AIPJFUY6WGLYIA3QVPWFXFY/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVWUC4EOW5WZAZGPLRTZS5QXNUEBPQ5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mapserver.org/development/changelog/changelog-7-0.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mapserver.org/development/changelog/changelog-7-2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mapserver.org/development/changelog/changelog-7-4.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mapserver.org/development/changelog/changelog-7-6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNORAZCJ7AIPJFUY6WGLYIA3QVPWFXFY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVWUC4EOW5WZAZGPLRTZS5QXNUEBPQ5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mapserver.org/development/changelog/changelog-7-0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mapserver.org/development/changelog/changelog-7-2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mapserver.org/development/changelog/changelog-7-4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://mapserver.org/development/changelog/changelog-7-6.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-1678
Vulnerability from fkie_nvd - Published: 2019-10-29 21:15 - Updated: 2024-11-21 01:14
Severity ?
Summary
Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html | Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-1678 | Third Party Advisory | |
| cve@mitre.org | https://trac.osgeo.org/mapserver/ticket/3641 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-1678 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://trac.osgeo.org/mapserver/ticket/3641 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13F9205F-6523-40FD-AEC7-97DAE3310071",
"versionEndExcluding": "5.6.5.-2",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9689CB4-A70C-42D7-91E0-68057D9D4779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A456E60-8073-4726-AC77-573DCA877FAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing."
},
{
"lang": "es",
"value": "Mapserver versiones 5.2, 5.4 y versiones 5.6 anteriores a 5.6.5-2, comprueba inapropiadamente los valores de \u00edndice de s\u00edmbolos durante el an\u00e1lisis de Mapfile."
}
],
"id": "CVE-2010-1678",
"lastModified": "2024-11-21T01:14:58.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T21:15:10.653",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1678"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://trac.osgeo.org/mapserver/ticket/3641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://trac.osgeo.org/mapserver/ticket/3641"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-5522
Vulnerability from fkie_nvd - Published: 2017-03-15 16:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| osgeo | mapserver | * | |
| osgeo | mapserver | 6.2.0 | |
| osgeo | mapserver | 6.2.0 | |
| osgeo | mapserver | 6.2.0 | |
| osgeo | mapserver | 6.2.0 | |
| osgeo | mapserver | 6.2.0 | |
| osgeo | mapserver | 6.2.0 | |
| osgeo | mapserver | 6.2.1 | |
| osgeo | mapserver | 6.2.2 | |
| osgeo | mapserver | 6.2.3 | |
| osgeo | mapserver | 6.4.0 | |
| osgeo | mapserver | 6.4.0 | |
| osgeo | mapserver | 6.4.0 | |
| osgeo | mapserver | 6.4.0 | |
| osgeo | mapserver | 6.4.1 | |
| osgeo | mapserver | 6.4.2 | |
| osgeo | mapserver | 6.4.3 | |
| osgeo | mapserver | 6.4.4 | |
| osgeo | mapserver | 7.0.0 | |
| osgeo | mapserver | 7.0.0 | |
| osgeo | mapserver | 7.0.0 | |
| osgeo | mapserver | 7.0.1 | |
| osgeo | mapserver | 7.0.2 | |
| osgeo | mapserver | 7.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2616104A-15A1-4EE2-B422-F0A0956029B1",
"versionEndIncluding": "6.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16A7F401-1829-440B-A7D0-08515F73E11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "EC09B39C-A41A-4024-A5CE-1D8FDFB9C67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E25092AC-76DD-495D-9FB6-A6D76A08464D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C738E019-D602-4E5C-8FB3-64CC5F11EF83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "FFD649DB-1FE8-4973-B329-107A89FD6799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4E6833DE-045A-4458-A067-CCFA3A8CE016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A01342-B989-4134-8692-8BD8A42B93D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F52DB9E8-C9B0-4513-B181-05A98404C04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FC5EA648-9431-45F1-93FE-2D60C08634B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "995FF868-DD52-4625-AD2E-74BB63F4BC72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CA6FB628-5D34-46DF-BF7F-5D277A51F9F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2EC08735-4E07-45F2-AE1B-56F6B9291FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5BB85B09-03A4-4296-8CDC-40338C7F92EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9D9693-6F02-4F21-AD59-A0AEA73D6374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8EA460-06CF-4175-999C-5C98E9B0DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3905DE6B-14D9-45E0-9A95-9EE131691658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6DD7AA-AA71-497E-9BCC-7CDD450EA7B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "251BBE27-A977-4725-AFCA-22CF96CBD965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:7.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FB1C2F87-63A3-4D2C-AB84-B7C319058572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:7.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "46A22D61-588D-476C-8284-EEE3EDC53EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7043E9-2FE4-441D-AF8E-139AF97387CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131EA02D-E121-4BED-9381-688A2ED16595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C53903F5-D572-4CDA-BEC3-EAA5FDBB5A2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en MapServer en versiones anteriores a 6.0.6, 6.2.x en versiones anteriores a 6.2.4, 6.4.x en versiones anteriores a 6.4.5 y 7.0.x en versiones anteriores a 7.0.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que implican solicitudes WFS de obtenci\u00f3n de funci\u00f3n."
}
],
"id": "CVE-2017-5522",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-15T16:59:00.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3766"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-0-6.html#changelog-6-0-6"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-2-4.html#changelog-6-2-4"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-5"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://www.mapserver.org/development/changelog/changelog-7-0.html#changelog-7-0-4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-0-6.html#changelog-6-0-6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-2-4.html#changelog-6-2-4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.mapserver.org/development/changelog/changelog-7-0.html#changelog-7-0-4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9839
Vulnerability from fkie_nvd - Published: 2016-12-08 08:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/94856 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/mapserver/mapserver/pull/5356 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94856 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mapserver/mapserver/pull/5356 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBFD083-9B91-4A4B-BFC4-3B989656EBFE",
"versionEndIncluding": "7.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails."
},
{
"lang": "es",
"value": "En MapServer en versiones anteriores a 7.0.3, los mensajes de error del controlador OGR son demasiado verbosos y pueden filtrar informaci\u00f3n sensible si la conexi\u00f3n de los datos falla."
}
],
"id": "CVE-2016-9839",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-08T08:59:01.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94856"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/mapserver/mapserver/pull/5356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/mapserver/mapserver/pull/5356"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-7262
Vulnerability from fkie_nvd - Published: 2014-01-05 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70E7C5A-FD95-433E-AFC9-125E02601C01",
"versionEndIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7362D32E-07AF-4DFB-A7EE-B92A2949FCC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16812C55-8E9F-4035-92E6-D2C7AF4F5B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5C11F257-809F-4F7C-B5B1-5D407B983DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3AFFE501-B4E0-4352-8C8D-44531E8A6ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "426DC6E0-2DA2-4815-B08B-EE2CF20AE3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEE70D8-0EC2-4855-81C8-9FECCD9C16BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FE55464C-FD27-47BF-9941-26EE7968BF70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E01A6111-3A73-4033-8333-4929A6A22CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "CE4F9152-4BA9-4742-9041-9707BB4B505F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F27BB1D-165E-4414-AB9B-5BBDF4268F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9305883D-8626-448C-8B1A-074158F518DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "04D30449-7EEB-42C4-9F11-4E6EE39C18F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "DE53FF73-329B-4384-B636-2F4050778FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B52B92DB-535F-45B7-AF32-B97216A4C4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C410FF2E-E1C6-4238-94ED-3EC6389C961D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "279DE3C1-7BEB-43A4-A91B-06D3A53C30A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "279EDC4E-87CC-48ED-B735-84F96DC5796E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "53AB964F-61BD-4EC5-8469-7DB371154455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C27C5F5A-6B68-4723-809B-C482238F9647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "43CFB610-77A2-436E-ADD0-C0D647AF56DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED26BFDF-0C8C-4BEF-BB2D-FA7ADB95AFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2E86BD-2358-46D5-BBB5-147168001578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257B30-61DC-4838-92E6-D9938224BFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F28AEC9-4A65-4C66-90B2-4B3B83B2C91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3463E320-A38C-4D06-BE66-DB20AC9994E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C661B582-E2F6-4E91-A47C-E91CCB0ECF2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7E60110D-1CED-47BE-8565-FE858BEFF44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8B061F26-EF3F-48CC-A974-5B49A622C5FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "0870B801-E121-47D8-9C88-B01C7AB6ED3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "B0F320C0-1A33-4768-9BB1-09C6554A9C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "81C28558-F40D-48B9-B98C-F30709C89AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "DCEF61F4-F4CE-4E33-A67C-17B1D0185BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "65E266D2-C1F2-4400-9E41-AEB2F116C733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9161B916-5EED-46C4-8E0C-515A0B6D2902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9689CB4-A70C-42D7-91E0-68057D9D4779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6767A7E5-7A2C-452D-A6EB-9C61B43DC39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "119B427D-87AC-4DD8-AD13-B8CFC847A947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "57221C0B-EE09-4EB6-AE21-3C31393EB922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74EEC8BC-A00F-4DCF-B787-5B95699DBD80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9030BE8-663A-4F46-B255-0AEBFD790DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DED21A-FA34-4F6A-8ED5-A985671E5653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A456E60-8073-4726-AC77-573DCA877FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5A6832D8-7E2B-457A-ABBC-09761DD73ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "38513CAF-212E-495E-844F-09554FAC0B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "20037250-ACD8-4425-898E-A5E857E3D159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "6173ECB3-07D7-43D7-8B0A-C524C5E9F231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "753D71D6-4535-475D-96F1-42217F9ADE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "517783AC-5678-48B9-A3FE-BEDCE1176651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "577E45A9-D259-4DD3-803F-459640673865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10745BC1-9849-4C26-8CB4-7AF75323AF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "316892DC-5B62-45D4-B37D-6C0C2E384BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DD8E01-7A50-49CF-B083-E796C56A37AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C99339E6-87F2-4571-9789-4593381849AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "320F9C32-C57F-457E-9238-183FFCB633C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFE5FE6-9AFB-4C18-9B30-F13273D4B1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "375C147D-82EF-4582-91F1-67EE0196BB5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16A7F401-1829-440B-A7D0-08515F73E11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A01342-B989-4134-8692-8BD8A42B93D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F43392C7-AC41-47CE-80B6-4AF935535D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6AA556-0F19-4B6B-BF83-7C04FA7224A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14A74989-30DD-4706-835F-A26A5A214A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n msPostGISLayerSetTimeFilter en mappostgis.c en MapServer anterior a v6.4.1, cuando se utiliza un servicio WMS-Time, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de una cadena manipulada en un filtro PostGIS TIME."
}
],
"id": "CVE-2013-7262",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-05T20:55:04.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/64671"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/mapserver/mapserver/issues/4834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/mapserver/mapserver/issues/4834"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-2975
Vulnerability from fkie_nvd - Published: 2011-08-01 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8186CBBA-930C-4056-B375-DAD5DED37556",
"versionEndIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7362D32E-07AF-4DFB-A7EE-B92A2949FCC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16812C55-8E9F-4035-92E6-D2C7AF4F5B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5C11F257-809F-4F7C-B5B1-5D407B983DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3AFFE501-B4E0-4352-8C8D-44531E8A6ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "426DC6E0-2DA2-4815-B08B-EE2CF20AE3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEE70D8-0EC2-4855-81C8-9FECCD9C16BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FE55464C-FD27-47BF-9941-26EE7968BF70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E01A6111-3A73-4033-8333-4929A6A22CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "CE4F9152-4BA9-4742-9041-9707BB4B505F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F27BB1D-165E-4414-AB9B-5BBDF4268F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9305883D-8626-448C-8B1A-074158F518DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "04D30449-7EEB-42C4-9F11-4E6EE39C18F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "DE53FF73-329B-4384-B636-2F4050778FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B52B92DB-535F-45B7-AF32-B97216A4C4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C410FF2E-E1C6-4238-94ED-3EC6389C961D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "279DE3C1-7BEB-43A4-A91B-06D3A53C30A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "279EDC4E-87CC-48ED-B735-84F96DC5796E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "53AB964F-61BD-4EC5-8469-7DB371154455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C27C5F5A-6B68-4723-809B-C482238F9647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "43CFB610-77A2-436E-ADD0-C0D647AF56DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED26BFDF-0C8C-4BEF-BB2D-FA7ADB95AFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2E86BD-2358-46D5-BBB5-147168001578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257B30-61DC-4838-92E6-D9938224BFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F28AEC9-4A65-4C66-90B2-4B3B83B2C91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3463E320-A38C-4D06-BE66-DB20AC9994E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C661B582-E2F6-4E91-A47C-E91CCB0ECF2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7E60110D-1CED-47BE-8565-FE858BEFF44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8B061F26-EF3F-48CC-A974-5B49A622C5FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "0870B801-E121-47D8-9C88-B01C7AB6ED3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "B0F320C0-1A33-4768-9BB1-09C6554A9C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "81C28558-F40D-48B9-B98C-F30709C89AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "DCEF61F4-F4CE-4E33-A67C-17B1D0185BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "65E266D2-C1F2-4400-9E41-AEB2F116C733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9161B916-5EED-46C4-8E0C-515A0B6D2902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9689CB4-A70C-42D7-91E0-68057D9D4779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6767A7E5-7A2C-452D-A6EB-9C61B43DC39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "119B427D-87AC-4DD8-AD13-B8CFC847A947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "57221C0B-EE09-4EB6-AE21-3C31393EB922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74EEC8BC-A00F-4DCF-B787-5B95699DBD80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9030BE8-663A-4F46-B255-0AEBFD790DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DED21A-FA34-4F6A-8ED5-A985671E5653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A456E60-8073-4726-AC77-573DCA877FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5A6832D8-7E2B-457A-ABBC-09761DD73ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "38513CAF-212E-495E-844F-09554FAC0B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "20037250-ACD8-4425-898E-A5E857E3D159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "6173ECB3-07D7-43D7-8B0A-C524C5E9F231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "753D71D6-4535-475D-96F1-42217F9ADE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "517783AC-5678-48B9-A3FE-BEDCE1176651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "577E45A9-D259-4DD3-803F-459640673865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10745BC1-9849-4C26-8CB4-7AF75323AF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "316892DC-5B62-45D4-B37D-6C0C2E384BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DD8E01-7A50-49CF-B083-E796C56A37AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C99339E6-87F2-4571-9789-4593381849AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:4.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "00063772-1E7D-406F-A390-7B4FB21A6096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17721EF7-4B68-44F4-B38B-B1A1598ACC94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F43392C7-AC41-47CE-80B6-4AF935535D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C37B7-14D9-40A8-A0EA-B92AE91E9222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC26637-E186-4C95-B9EA-12A96919FE25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F00721EA-2D0C-45AD-A909-450141400489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6AA556-0F19-4B6B-BF83-7C04FA7224A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FCDF813C-781A-44E4-99EB-9716F9789A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6848D95B-9682-4017-86C5-91E979E27D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "F76F63E7-D36E-4061-B26C-260C6DE3934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "88061976-D6E6-44A6-B765-32ACA74F7A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "57041185-4A72-4A74-95CB-DC902947085E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "2F8C35E8-AB54-4D24-9AE1-A1FF69E81298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "8F66DF75-3621-45DF-B0FC-5C7EB928FB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C816A56D-1139-4AFA-A457-966522EF6150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D30020CA-CFAD-49B0-9340-89AB48CE60E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data."
},
{
"lang": "es",
"value": "Vulnerabilidad de doble liberaci\u00f3n (double free) en la funci\u00f3n msAddImageSymbol en mapsymbol.c en MapServer anterior a v6.0.1 podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o tener otro impacto no especificado a trav\u00e9s de datos mapfile manipulados."
}
],
"id": "CVE-2011-2975",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-08-01T20:55:01.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3939"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-2704
Vulnerability from fkie_nvd - Published: 2011-08-01 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6823B0AE-FBC3-4E49-9BB4-64A39435B328",
"versionEndIncluding": "4.10.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7362D32E-07AF-4DFB-A7EE-B92A2949FCC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16812C55-8E9F-4035-92E6-D2C7AF4F5B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5C11F257-809F-4F7C-B5B1-5D407B983DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3AFFE501-B4E0-4352-8C8D-44531E8A6ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "426DC6E0-2DA2-4815-B08B-EE2CF20AE3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEE70D8-0EC2-4855-81C8-9FECCD9C16BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FE55464C-FD27-47BF-9941-26EE7968BF70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E01A6111-3A73-4033-8333-4929A6A22CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "CE4F9152-4BA9-4742-9041-9707BB4B505F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F27BB1D-165E-4414-AB9B-5BBDF4268F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9305883D-8626-448C-8B1A-074158F518DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "04D30449-7EEB-42C4-9F11-4E6EE39C18F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "DE53FF73-329B-4384-B636-2F4050778FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B52B92DB-535F-45B7-AF32-B97216A4C4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C410FF2E-E1C6-4238-94ED-3EC6389C961D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "279DE3C1-7BEB-43A4-A91B-06D3A53C30A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "279EDC4E-87CC-48ED-B735-84F96DC5796E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "53AB964F-61BD-4EC5-8469-7DB371154455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C27C5F5A-6B68-4723-809B-C482238F9647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "43CFB610-77A2-436E-ADD0-C0D647AF56DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED26BFDF-0C8C-4BEF-BB2D-FA7ADB95AFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2E86BD-2358-46D5-BBB5-147168001578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257B30-61DC-4838-92E6-D9938224BFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F28AEC9-4A65-4C66-90B2-4B3B83B2C91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3463E320-A38C-4D06-BE66-DB20AC9994E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C661B582-E2F6-4E91-A47C-E91CCB0ECF2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7E60110D-1CED-47BE-8565-FE858BEFF44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8B061F26-EF3F-48CC-A974-5B49A622C5FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "0870B801-E121-47D8-9C88-B01C7AB6ED3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "B0F320C0-1A33-4768-9BB1-09C6554A9C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "81C28558-F40D-48B9-B98C-F30709C89AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "DCEF61F4-F4CE-4E33-A67C-17B1D0185BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "65E266D2-C1F2-4400-9E41-AEB2F116C733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9161B916-5EED-46C4-8E0C-515A0B6D2902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9689CB4-A70C-42D7-91E0-68057D9D4779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6767A7E5-7A2C-452D-A6EB-9C61B43DC39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "119B427D-87AC-4DD8-AD13-B8CFC847A947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "57221C0B-EE09-4EB6-AE21-3C31393EB922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74EEC8BC-A00F-4DCF-B787-5B95699DBD80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9030BE8-663A-4F46-B255-0AEBFD790DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DED21A-FA34-4F6A-8ED5-A985671E5653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A456E60-8073-4726-AC77-573DCA877FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5A6832D8-7E2B-457A-ABBC-09761DD73ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "38513CAF-212E-495E-844F-09554FAC0B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "20037250-ACD8-4425-898E-A5E857E3D159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "6173ECB3-07D7-43D7-8B0A-C524C5E9F231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "753D71D6-4535-475D-96F1-42217F9ADE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "517783AC-5678-48B9-A3FE-BEDCE1176651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "577E45A9-D259-4DD3-803F-459640673865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10745BC1-9849-4C26-8CB4-7AF75323AF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "316892DC-5B62-45D4-B37D-6C0C2E384BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DD8E01-7A50-49CF-B083-E796C56A37AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C99339E6-87F2-4571-9789-4593381849AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17721EF7-4B68-44F4-B38B-B1A1598ACC94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F43392C7-AC41-47CE-80B6-4AF935535D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C37B7-14D9-40A8-A0EA-B92AE91E9222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC26637-E186-4C95-B9EA-12A96919FE25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F00721EA-2D0C-45AD-A909-450141400489",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en MapServer anterior a v4.10.7 y v5.x anterior a v5.6.7 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionados con la codificaci\u00f3n de filtros OGC."
}
],
"id": "CVE-2011-2704",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-08-01T19:55:01.477",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45257"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45368"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3903"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2285"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/14"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/15"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/48720"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723293"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68719"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-2703
Vulnerability from fkie_nvd - Published: 2011-08-01 19:55 - Updated: 2025-04-11 00:51
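Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, as scored by nvd@nist.gov in the record below)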
Summary
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6823B0AE-FBC3-4E49-9BB4-64A39435B328",
"versionEndIncluding": "4.10.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7362D32E-07AF-4DFB-A7EE-B92A2949FCC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16812C55-8E9F-4035-92E6-D2C7AF4F5B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5C11F257-809F-4F7C-B5B1-5D407B983DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3AFFE501-B4E0-4352-8C8D-44531E8A6ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "426DC6E0-2DA2-4815-B08B-EE2CF20AE3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEE70D8-0EC2-4855-81C8-9FECCD9C16BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FE55464C-FD27-47BF-9941-26EE7968BF70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E01A6111-3A73-4033-8333-4929A6A22CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "CE4F9152-4BA9-4742-9041-9707BB4B505F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F27BB1D-165E-4414-AB9B-5BBDF4268F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9305883D-8626-448C-8B1A-074158F518DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "04D30449-7EEB-42C4-9F11-4E6EE39C18F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "DE53FF73-329B-4384-B636-2F4050778FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B52B92DB-535F-45B7-AF32-B97216A4C4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C410FF2E-E1C6-4238-94ED-3EC6389C961D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "279DE3C1-7BEB-43A4-A91B-06D3A53C30A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "279EDC4E-87CC-48ED-B735-84F96DC5796E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "53AB964F-61BD-4EC5-8469-7DB371154455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C27C5F5A-6B68-4723-809B-C482238F9647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "43CFB610-77A2-436E-ADD0-C0D647AF56DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED26BFDF-0C8C-4BEF-BB2D-FA7ADB95AFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2E86BD-2358-46D5-BBB5-147168001578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257B30-61DC-4838-92E6-D9938224BFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F28AEC9-4A65-4C66-90B2-4B3B83B2C91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3463E320-A38C-4D06-BE66-DB20AC9994E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C661B582-E2F6-4E91-A47C-E91CCB0ECF2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7E60110D-1CED-47BE-8565-FE858BEFF44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8B061F26-EF3F-48CC-A974-5B49A622C5FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "0870B801-E121-47D8-9C88-B01C7AB6ED3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "B0F320C0-1A33-4768-9BB1-09C6554A9C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "81C28558-F40D-48B9-B98C-F30709C89AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "DCEF61F4-F4CE-4E33-A67C-17B1D0185BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "65E266D2-C1F2-4400-9E41-AEB2F116C733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9161B916-5EED-46C4-8E0C-515A0B6D2902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9689CB4-A70C-42D7-91E0-68057D9D4779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6767A7E5-7A2C-452D-A6EB-9C61B43DC39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "119B427D-87AC-4DD8-AD13-B8CFC847A947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "57221C0B-EE09-4EB6-AE21-3C31393EB922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74EEC8BC-A00F-4DCF-B787-5B95699DBD80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9030BE8-663A-4F46-B255-0AEBFD790DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DED21A-FA34-4F6A-8ED5-A985671E5653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A456E60-8073-4726-AC77-573DCA877FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5A6832D8-7E2B-457A-ABBC-09761DD73ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "38513CAF-212E-495E-844F-09554FAC0B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "20037250-ACD8-4425-898E-A5E857E3D159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "6173ECB3-07D7-43D7-8B0A-C524C5E9F231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "753D71D6-4535-475D-96F1-42217F9ADE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "517783AC-5678-48B9-A3FE-BEDCE1176651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "577E45A9-D259-4DD3-803F-459640673865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10745BC1-9849-4C26-8CB4-7AF75323AF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "316892DC-5B62-45D4-B37D-6C0C2E384BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DD8E01-7A50-49CF-B083-E796C56A37AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C99339E6-87F2-4571-9789-4593381849AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17721EF7-4B68-44F4-B38B-B1A1598ACC94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F43392C7-AC41-47CE-80B6-4AF935535D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C37B7-14D9-40A8-A0EA-B92AE91E9222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC26637-E186-4C95-B9EA-12A96919FE25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:5.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F00721EA-2D0C-45AD-A909-450141400489",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14A74989-30DD-4706-835F-A26A5A214A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FCDF813C-781A-44E4-99EB-9716F9789A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6848D95B-9682-4017-86C5-91E979E27D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "F76F63E7-D36E-4061-B26C-260C6DE3934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "88061976-D6E6-44A6-B765-32ACA74F7A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "57041185-4A72-4A74-95CB-DC902947085E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "2F8C35E8-AB54-4D24-9AE1-A1FF69E81298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "8F66DF75-3621-45DF-B0FC-5C7EB928FB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C816A56D-1139-4AFA-A457-966522EF6150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:6.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D30020CA-CFAD-49B0-9340-89AB48CE60E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en MapServer anterior a v4.10.7, y v5.x anterior a v5.6.7, y v6.x anterior a v6.0.1 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores relacionados con (1) filtros codificados OGC o (2) tiempo de soporte WMS."
}
],
"id": "CVE-2011-2703",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-08-01T19:55:01.427",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45257"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45318"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45368"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3903"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2285"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/11"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/14"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/15"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/48720"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722545"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723293"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68682"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-2539
Vulnerability from fkie_nvd - Published: 2010-08-02 22:00 - Updated: 2025-04-11 00:51
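Severity: LOW (CVSS v2.0 base score 2.1, vector AV:L/AC:L/Au:N/C:N/I:N/A:P, as scored by nvd@nist.gov in the record below)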
Summary
Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8F303A-608D-4654-9D47-48DFF37AE112",
"versionEndIncluding": "4.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7362D32E-07AF-4DFB-A7EE-B92A2949FCC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16812C55-8E9F-4035-92E6-D2C7AF4F5B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5C11F257-809F-4F7C-B5B1-5D407B983DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3AFFE501-B4E0-4352-8C8D-44531E8A6ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "426DC6E0-2DA2-4815-B08B-EE2CF20AE3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEE70D8-0EC2-4855-81C8-9FECCD9C16BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FE55464C-FD27-47BF-9941-26EE7968BF70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E01A6111-3A73-4033-8333-4929A6A22CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "CE4F9152-4BA9-4742-9041-9707BB4B505F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F27BB1D-165E-4414-AB9B-5BBDF4268F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9305883D-8626-448C-8B1A-074158F518DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "04D30449-7EEB-42C4-9F11-4E6EE39C18F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "DE53FF73-329B-4384-B636-2F4050778FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B52B92DB-535F-45B7-AF32-B97216A4C4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C410FF2E-E1C6-4238-94ED-3EC6389C961D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "279DE3C1-7BEB-43A4-A91B-06D3A53C30A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "279EDC4E-87CC-48ED-B735-84F96DC5796E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "53AB964F-61BD-4EC5-8469-7DB371154455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C27C5F5A-6B68-4723-809B-C482238F9647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "43CFB610-77A2-436E-ADD0-C0D647AF56DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED26BFDF-0C8C-4BEF-BB2D-FA7ADB95AFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2E86BD-2358-46D5-BBB5-147168001578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257B30-61DC-4838-92E6-D9938224BFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F28AEC9-4A65-4C66-90B2-4B3B83B2C91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "203F6A08-17BF-4F82-82C5-E0653C2100F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "769B10FF-3175-43DB-9808-8E7712F6E6BB",
"versionEndIncluding": "5.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C661B582-E2F6-4E91-A47C-E91CCB0ECF2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7E60110D-1CED-47BE-8565-FE858BEFF44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8B061F26-EF3F-48CC-A974-5B49A622C5FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "0870B801-E121-47D8-9C88-B01C7AB6ED3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "B0F320C0-1A33-4768-9BB1-09C6554A9C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "81C28558-F40D-48B9-B98C-F30709C89AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "DCEF61F4-F4CE-4E33-A67C-17B1D0185BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "65E266D2-C1F2-4400-9E41-AEB2F116C733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9161B916-5EED-46C4-8E0C-515A0B6D2902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9689CB4-A70C-42D7-91E0-68057D9D4779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6767A7E5-7A2C-452D-A6EB-9C61B43DC39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "119B427D-87AC-4DD8-AD13-B8CFC847A947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "57221C0B-EE09-4EB6-AE21-3C31393EB922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74EEC8BC-A00F-4DCF-B787-5B95699DBD80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9030BE8-663A-4F46-B255-0AEBFD790DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DED21A-FA34-4F6A-8ED5-A985671E5653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A456E60-8073-4726-AC77-573DCA877FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5A6832D8-7E2B-457A-ABBC-09761DD73ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "38513CAF-212E-495E-844F-09554FAC0B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "20037250-ACD8-4425-898E-A5E857E3D159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "6173ECB3-07D7-43D7-8B0A-C524C5E9F231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "753D71D6-4535-475D-96F1-42217F9ADE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "517783AC-5678-48B9-A3FE-BEDCE1176651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "577E45A9-D259-4DD3-803F-459640673865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10745BC1-9849-4C26-8CB4-7AF75323AF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "316892DC-5B62-45D4-B37D-6C0C2E384BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DD8E01-7A50-49CF-B083-E796C56A37AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n msTmpFile en maputil.c en mapserv en MapServer en versiones anteriores a la 4.10.6 y 5.x en versiones anteriores a la 5.6.4, permite a usuarios locales provocar una denegaci\u00f3n de servicio mediante vectores que involucran nombres de ficheros temporales."
}
],
"id": "CVE-2010-2539",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-02T22:00:01.247",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=127973381215859\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=127973754121922\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3484"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/41855"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=617312"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=127973381215859\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=127973754121922\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/41855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=617312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60851"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-2540
Vulnerability from fkie_nvd - Published: 2010-08-02 22:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8F303A-608D-4654-9D47-48DFF37AE112",
"versionEndIncluding": "4.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7362D32E-07AF-4DFB-A7EE-B92A2949FCC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16812C55-8E9F-4035-92E6-D2C7AF4F5B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5C11F257-809F-4F7C-B5B1-5D407B983DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3AFFE501-B4E0-4352-8C8D-44531E8A6ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "426DC6E0-2DA2-4815-B08B-EE2CF20AE3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEE70D8-0EC2-4855-81C8-9FECCD9C16BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FE55464C-FD27-47BF-9941-26EE7968BF70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E01A6111-3A73-4033-8333-4929A6A22CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "CE4F9152-4BA9-4742-9041-9707BB4B505F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F27BB1D-165E-4414-AB9B-5BBDF4268F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9305883D-8626-448C-8B1A-074158F518DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "04D30449-7EEB-42C4-9F11-4E6EE39C18F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "DE53FF73-329B-4384-B636-2F4050778FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B52B92DB-535F-45B7-AF32-B97216A4C4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C410FF2E-E1C6-4238-94ED-3EC6389C961D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "279DE3C1-7BEB-43A4-A91B-06D3A53C30A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "279EDC4E-87CC-48ED-B735-84F96DC5796E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "53AB964F-61BD-4EC5-8469-7DB371154455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C27C5F5A-6B68-4723-809B-C482238F9647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "43CFB610-77A2-436E-ADD0-C0D647AF56DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED26BFDF-0C8C-4BEF-BB2D-FA7ADB95AFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2E86BD-2358-46D5-BBB5-147168001578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257B30-61DC-4838-92E6-D9938224BFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:4.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F28AEC9-4A65-4C66-90B2-4B3B83B2C91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umn:mapserver:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "203F6A08-17BF-4F82-82C5-E0653C2100F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "769B10FF-3175-43DB-9808-8E7712F6E6BB",
"versionEndIncluding": "5.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C661B582-E2F6-4E91-A47C-E91CCB0ECF2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7E60110D-1CED-47BE-8565-FE858BEFF44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8B061F26-EF3F-48CC-A974-5B49A622C5FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "0870B801-E121-47D8-9C88-B01C7AB6ED3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "B0F320C0-1A33-4768-9BB1-09C6554A9C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "81C28558-F40D-48B9-B98C-F30709C89AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "DCEF61F4-F4CE-4E33-A67C-17B1D0185BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "65E266D2-C1F2-4400-9E41-AEB2F116C733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9161B916-5EED-46C4-8E0C-515A0B6D2902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9689CB4-A70C-42D7-91E0-68057D9D4779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6767A7E5-7A2C-452D-A6EB-9C61B43DC39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "119B427D-87AC-4DD8-AD13-B8CFC847A947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "57221C0B-EE09-4EB6-AE21-3C31393EB922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74EEC8BC-A00F-4DCF-B787-5B95699DBD80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9030BE8-663A-4F46-B255-0AEBFD790DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DED21A-FA34-4F6A-8ED5-A985671E5653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A456E60-8073-4726-AC77-573DCA877FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5A6832D8-7E2B-457A-ABBC-09761DD73ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "38513CAF-212E-495E-844F-09554FAC0B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "20037250-ACD8-4425-898E-A5E857E3D159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "6173ECB3-07D7-43D7-8B0A-C524C5E9F231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "753D71D6-4535-475D-96F1-42217F9ADE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "517783AC-5678-48B9-A3FE-BEDCE1176651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "577E45A9-D259-4DD3-803F-459640673865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10745BC1-9849-4C26-8CB4-7AF75323AF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "316892DC-5B62-45D4-B37D-6C0C2E384BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osgeo:mapserver:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DD8E01-7A50-49CF-B083-E796C56A37AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments."
},
{
"lang": "es",
"value": "mapserv.c en mapserv en MapServer en versiones anteriores a la 4.10.6 y 5.x en versiones anteriores a la 5.6.4 no restringe de manera apropiada el uso de argumentos de linea de comandos CGI que se establecieron para depuraci\u00f3n, lo que permite a atacantes remotos tener un impacto no especificado mediante argumentos manipulados."
}
],
"id": "CVE-2010-2540",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-02T22:00:01.297",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=127973381215859\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=127973754121922\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://trac.osgeo.org/mapserver/ticket/3485"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/41855"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=127973381215859\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=127973754121922\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://trac.osgeo.org/mapserver/ticket/3485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/41855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60852"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-59431 (GCVE-0-2025-59431)
Vulnerability from cvelistv5 – Published: 2025-09-19 19:29 – Updated: 2025-09-19 19:42
Title
MapServer - WFS XML Filter Query SQL injection
Summary
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL injection. Expression checking appears to be bypassed by introducing double-quote characters in the PropertyName, which allows an attacker to manipulate backend database queries. This vulnerability is fixed in 8.4.1.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags |
|---|---|
| https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59431",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T19:41:51.787495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T19:42:16.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MapServer",
"vendor": "MapServer",
"versions": [
{
"status": "affected",
"version": "\u003c 8.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipulate backend database queries. This vulnerability is fixed in 8.4.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T19:29:13.163Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w"
}
],
"source": {
"advisory": "GHSA-256m-rx4h-r55w",
"discovery": "UNKNOWN"
},
"title": "MapServer - WFS XML Filter Query SQL injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59431",
"datePublished": "2025-09-19T19:29:13.163Z",
"dateReserved": "2025-09-15T19:13:16.905Z",
"dateUpdated": "2025-09-19T19:42:16.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32062 (GCVE-0-2021-32062)
Vulnerability from cvelistv5 – Published: 2021-05-05 18:39 – Updated: 2024-08-03 23:17
Summary
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
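| URL | Tags |
|---|---|
| https://mapserver.org/development/changelog/changelog-7-6.html | x_refsource_MISC |
| https://mapserver.org/development/changelog/changelog-7-4.html | x_refsource_MISC |
| https://mapserver.org/development/changelog/changelog-7-2.html | x_refsource_MISC |
| https://mapserver.org/development/changelog/changelog-7-0.html | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNORAZCJ7AIPJFUY6WGLYIA3QVPWFXFY/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVWUC4EOW5WZAZGPLRTZS5QXNUEBPQ5/ | vendor-advisory, x_refsource_FEDORA |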
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:28.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mapserver.org/development/changelog/changelog-7-6.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mapserver.org/development/changelog/changelog-7-4.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mapserver.org/development/changelog/changelog-7-2.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mapserver.org/development/changelog/changelog-7-0.html"
},
{
"name": "FEDORA-2021-74dadee887",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNORAZCJ7AIPJFUY6WGLYIA3QVPWFXFY/"
},
{
"name": "FEDORA-2021-faab70f09a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVWUC4EOW5WZAZGPLRTZS5QXNUEBPQ5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-03T02:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mapserver.org/development/changelog/changelog-7-6.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mapserver.org/development/changelog/changelog-7-4.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mapserver.org/development/changelog/changelog-7-2.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mapserver.org/development/changelog/changelog-7-0.html"
},
{
"name": "FEDORA-2021-74dadee887",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNORAZCJ7AIPJFUY6WGLYIA3QVPWFXFY/"
},
{
"name": "FEDORA-2021-faab70f09a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVWUC4EOW5WZAZGPLRTZS5QXNUEBPQ5/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mapserver.org/development/changelog/changelog-7-6.html",
"refsource": "MISC",
"url": "https://mapserver.org/development/changelog/changelog-7-6.html"
},
{
"name": "https://mapserver.org/development/changelog/changelog-7-4.html",
"refsource": "MISC",
"url": "https://mapserver.org/development/changelog/changelog-7-4.html"
},
{
"name": "https://mapserver.org/development/changelog/changelog-7-2.html",
"refsource": "MISC",
"url": "https://mapserver.org/development/changelog/changelog-7-2.html"
},
{
"name": "https://mapserver.org/development/changelog/changelog-7-0.html",
"refsource": "MISC",
"url": "https://mapserver.org/development/changelog/changelog-7-0.html"
},
{
"name": "FEDORA-2021-74dadee887",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNORAZCJ7AIPJFUY6WGLYIA3QVPWFXFY/"
},
{
"name": "FEDORA-2021-faab70f09a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVWUC4EOW5WZAZGPLRTZS5QXNUEBPQ5/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32062",
"datePublished": "2021-05-05T18:39:41",
"dateReserved": "2021-05-05T00:00:00",
"dateUpdated": "2024-08-03T23:17:28.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1678 (GCVE-0-2010-1678)
Vulnerability from cvelistv5 – Published: 2019-10-29 20:04 – Updated: 2024-08-07 01:35
Summary
Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
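| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-1678 | x_refsource_MISC |
| https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html | x_refsource_MISC |
| https://trac.osgeo.org/mapserver/ticket/3641 | x_refsource_CONFIRM |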
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1678"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.osgeo.org/mapserver/ticket/3641"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T20:04:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1678"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.osgeo.org/mapserver/ticket/3641"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-1678",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1678"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html",
"refsource": "MISC",
"url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html"
},
{
"name": "https://trac.osgeo.org/mapserver/ticket/3641",
"refsource": "CONFIRM",
"url": "https://trac.osgeo.org/mapserver/ticket/3641"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1678",
"datePublished": "2019-10-29T20:04:51",
"dateReserved": "2010-04-30T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5522 (GCVE-0-2017-5522)
Vulnerability from cvelistv5 – Published: 2017-03-15 16:00 – Updated: 2024-08-05 15:04
Summary
Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
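| URL | Tags |
|---|---|
| https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df | x_refsource_CONFIRM |
| http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-5 | x_refsource_CONFIRM |
| http://www.mapserver.org/development/changelog/changelog-6-0-6.html#changelog-6-0-6 | x_refsource_CONFIRM |
| https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html | mailing-list, x_refsource_MLIST |
| http://www.mapserver.org/development/changelog/changelog-7-0.html#changelog-7-0-4 | x_refsource_CONFIRM |
| http://www.debian.org/security/2017/dsa-3766 | vendor-advisory, x_refsource_DEBIAN |
| http://www.mapserver.org/development/changelog/changelog-6-2-4.html#changelog-6-2-4 | x_refsource_CONFIRM |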
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:14.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-0-6.html#changelog-6-0-6"
},
{
"name": "[mapserver-dev] 20170118 MapServer 6.0.6, 6.2.4, 6.4.5 and 7.0.4 are released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mapserver.org/development/changelog/changelog-7-0.html#changelog-7-0-4"
},
{
"name": "DSA-3766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-2-4.html#changelog-6-2-4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-15T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-0-6.html#changelog-6-0-6"
},
{
"name": "[mapserver-dev] 20170118 MapServer 6.0.6, 6.2.4, 6.4.5 and 7.0.4 are released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mapserver.org/development/changelog/changelog-7-0.html#changelog-7-0-4"
},
{
"name": "DSA-3766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-2-4.html#changelog-6-2-4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df",
"refsource": "CONFIRM",
"url": "https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df"
},
{
"name": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-5",
"refsource": "CONFIRM",
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-5"
},
{
"name": "http://www.mapserver.org/development/changelog/changelog-6-0-6.html#changelog-6-0-6",
"refsource": "CONFIRM",
"url": "http://www.mapserver.org/development/changelog/changelog-6-0-6.html#changelog-6-0-6"
},
{
"name": "[mapserver-dev] 20170118 MapServer 6.0.6, 6.2.4, 6.4.5 and 7.0.4 are released",
"refsource": "MLIST",
"url": "https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html"
},
{
"name": "http://www.mapserver.org/development/changelog/changelog-7-0.html#changelog-7-0-4",
"refsource": "CONFIRM",
"url": "http://www.mapserver.org/development/changelog/changelog-7-0.html#changelog-7-0-4"
},
{
"name": "DSA-3766",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3766"
},
{
"name": "http://www.mapserver.org/development/changelog/changelog-6-2-4.html#changelog-6-2-4",
"refsource": "CONFIRM",
"url": "http://www.mapserver.org/development/changelog/changelog-6-2-4.html#changelog-6-2-4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5522",
"datePublished": "2017-03-15T16:00:00",
"dateReserved": "2017-01-17T00:00:00",
"dateUpdated": "2024-08-05T15:04:14.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9839 (GCVE-0-2016-9839)
Vulnerability from cvelistv5 – Published: 2016-12-08 08:08 – Updated: 2024-08-06 02:59
Summary
In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
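| URL | Tags |
|---|---|
| https://github.com/mapserver/mapserver/pull/5356 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94856 | vdb-entry, x_refsource_BID |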
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mapserver/mapserver/pull/5356"
},
{
"name": "94856",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94856"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-14T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mapserver/mapserver/pull/5356"
},
{
"name": "94856",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94856"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mapserver/mapserver/pull/5356",
"refsource": "CONFIRM",
"url": "https://github.com/mapserver/mapserver/pull/5356"
},
{
"name": "94856",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94856"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9839",
"datePublished": "2016-12-08T08:08:00",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7262 (GCVE-0-2013-7262)
Vulnerability from cvelistv5 – Published: 2014-01-05 20:00 – Updated: 2024-08-06 18:01
Summary
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
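| URL | Tags |
|---|---|
| http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1 | x_refsource_CONFIRM |
| https://github.com/mapserver/mapserver/issues/4834 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/64671 | vdb-entry, x_refsource_BID |
| https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed | x_refsource_CONFIRM |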
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mapserver/mapserver/issues/4834"
},
{
"name": "64671",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64671"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-12T19:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mapserver/mapserver/issues/4834"
},
{
"name": "64671",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64671"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1",
"refsource": "CONFIRM",
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1"
},
{
"name": "https://github.com/mapserver/mapserver/issues/4834",
"refsource": "CONFIRM",
"url": "https://github.com/mapserver/mapserver/issues/4834"
},
{
"name": "64671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64671"
},
{
"name": "https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed",
"refsource": "CONFIRM",
"url": "https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7262",
"datePublished": "2014-01-05T20:00:00",
"dateReserved": "2014-01-05T00:00:00",
"dateUpdated": "2024-08-06T18:01:20.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2975 (GCVE-0-2011-2975)
Vulnerability from cvelistv5 – Published: 2011-08-01 20:00 – Updated: 2024-09-16 22:08
Summary
Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:32.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3939"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-01T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3939"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://trac.osgeo.org/mapserver/ticket/3939",
"refsource": "CONFIRM",
"url": "http://trac.osgeo.org/mapserver/ticket/3939"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"refsource": "MLIST",
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2975",
"datePublished": "2011-08-01T20:00:00Z",
"dateReserved": "2011-08-01T00:00:00Z",
"dateUpdated": "2024-09-16T22:08:46.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2704 (GCVE-0-2011-2704)
Vulnerability from cvelistv5 – Published: 2011-08-01 19:00 – Updated: 2024-08-06 23:08
Summary
Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3903"
},
{
"name": "mapserver-ogc-bo(68719)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68719"
},
{
"name": "45257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45257"
},
{
"name": "DSA-2285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723293"
},
{
"name": "[oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/14"
},
{
"name": "45368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45368"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"name": "48720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48720"
},
{
"name": "[oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3903"
},
{
"name": "mapserver-ogc-bo(68719)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68719"
},
{
"name": "45257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45257"
},
{
"name": "DSA-2285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723293"
},
{
"name": "[oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/14"
},
{
"name": "45368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45368"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"name": "48720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48720"
},
{
"name": "[oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/15"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2704",
"datePublished": "2011-08-01T19:00:00",
"dateReserved": "2011-07-11T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2703 (GCVE-0-2011-2703)
Vulnerability from cvelistv5 – Published: 2011-08-01 19:00 – Updated: 2024-08-06 23:08
Summary
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45318"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3903"
},
{
"name": "[oss-security] 20110719 CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/11"
},
{
"name": "45257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45257"
},
{
"name": "DSA-2285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723293"
},
{
"name": "[oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/14"
},
{
"name": "45368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722545"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"name": "mapserver-multiple-sql-injection(68682)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68682"
},
{
"name": "48720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48720"
},
{
"name": "[oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "45318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45318"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3903"
},
{
"name": "[oss-security] 20110719 CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/11"
},
{
"name": "45257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45257"
},
{
"name": "DSA-2285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723293"
},
{
"name": "[oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/14"
},
{
"name": "45368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722545"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"name": "mapserver-multiple-sql-injection(68682)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68682"
},
{
"name": "48720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48720"
},
{
"name": "[oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/15"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2703",
"datePublished": "2011-08-01T19:00:00",
"dateReserved": "2011-07-11T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2540 (GCVE-0-2010-2540)
Vulnerability from cvelistv5 – Published: 2010-08-02 21:00 – Updated: 2024-08-07 02:39
Summary
mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:36.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[mapserver-users] 20100709 MapServer 5.6.4 and 4.10.6 released with important security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html"
},
{
"name": "41855",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41855"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3485"
},
{
"name": "[oss-security] 20100721 Re: CVE id request: mapserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=127973754121922\u0026w=2"
},
{
"name": "mapserver-cgi-code-execution(60852)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60852"
},
{
"name": "[oss-security] 20100721 CVE id request: mapserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=127973381215859\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[mapserver-users] 20100709 MapServer 5.6.4 and 4.10.6 released with important security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html"
},
{
"name": "41855",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41855"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3485"
},
{
"name": "[oss-security] 20100721 Re: CVE id request: mapserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=127973754121922\u0026w=2"
},
{
"name": "mapserver-cgi-code-execution(60852)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60852"
},
{
"name": "[oss-security] 20100721 CVE id request: mapserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=127973381215859\u0026w=2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2540",
"datePublished": "2010-08-02T21:00:00",
"dateReserved": "2010-06-30T00:00:00",
"dateUpdated": "2024-08-07T02:39:36.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59431 (GCVE-0-2025-59431)
Vulnerability from nvd – Published: 2025-09-19 19:29 – Updated: 2025-09-19 19:42
Title
MapServer - WFS XML Filter Query SQL injection
Summary
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL injection. Expression checking appears to be bypassed by introducing double quote characters in the PropertyName, which allows manipulation of backend database queries. This vulnerability is fixed in 8.4.1.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59431",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T19:41:51.787495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T19:42:16.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MapServer",
"vendor": "MapServer",
"versions": [
{
"status": "affected",
"version": "\u003c 8.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipulate backend database queries. This vulnerability is fixed in 8.4.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T19:29:13.163Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w"
}
],
"source": {
"advisory": "GHSA-256m-rx4h-r55w",
"discovery": "UNKNOWN"
},
"title": "MapServer - WFS XML Filter Query SQL injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59431",
"datePublished": "2025-09-19T19:29:13.163Z",
"dateReserved": "2025-09-15T19:13:16.905Z",
"dateUpdated": "2025-09-19T19:42:16.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32062 (GCVE-0-2021-32062)
Vulnerability from nvd – Published: 2021-05-05 18:39 – Updated: 2024-08-03 23:17
Summary
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:28.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mapserver.org/development/changelog/changelog-7-6.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mapserver.org/development/changelog/changelog-7-4.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mapserver.org/development/changelog/changelog-7-2.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mapserver.org/development/changelog/changelog-7-0.html"
},
{
"name": "FEDORA-2021-74dadee887",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNORAZCJ7AIPJFUY6WGLYIA3QVPWFXFY/"
},
{
"name": "FEDORA-2021-faab70f09a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVWUC4EOW5WZAZGPLRTZS5QXNUEBPQ5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-03T02:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mapserver.org/development/changelog/changelog-7-6.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mapserver.org/development/changelog/changelog-7-4.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mapserver.org/development/changelog/changelog-7-2.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mapserver.org/development/changelog/changelog-7-0.html"
},
{
"name": "FEDORA-2021-74dadee887",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNORAZCJ7AIPJFUY6WGLYIA3QVPWFXFY/"
},
{
"name": "FEDORA-2021-faab70f09a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVWUC4EOW5WZAZGPLRTZS5QXNUEBPQ5/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mapserver.org/development/changelog/changelog-7-6.html",
"refsource": "MISC",
"url": "https://mapserver.org/development/changelog/changelog-7-6.html"
},
{
"name": "https://mapserver.org/development/changelog/changelog-7-4.html",
"refsource": "MISC",
"url": "https://mapserver.org/development/changelog/changelog-7-4.html"
},
{
"name": "https://mapserver.org/development/changelog/changelog-7-2.html",
"refsource": "MISC",
"url": "https://mapserver.org/development/changelog/changelog-7-2.html"
},
{
"name": "https://mapserver.org/development/changelog/changelog-7-0.html",
"refsource": "MISC",
"url": "https://mapserver.org/development/changelog/changelog-7-0.html"
},
{
"name": "FEDORA-2021-74dadee887",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNORAZCJ7AIPJFUY6WGLYIA3QVPWFXFY/"
},
{
"name": "FEDORA-2021-faab70f09a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVWUC4EOW5WZAZGPLRTZS5QXNUEBPQ5/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32062",
"datePublished": "2021-05-05T18:39:41",
"dateReserved": "2021-05-05T00:00:00",
"dateUpdated": "2024-08-03T23:17:28.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1678 (GCVE-0-2010-1678)
Vulnerability from nvd – Published: 2019-10-29 20:04 – Updated: 2024-08-07 01:35
Summary
Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1678"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.osgeo.org/mapserver/ticket/3641"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T20:04:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1678"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.osgeo.org/mapserver/ticket/3641"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-1678",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1678"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html",
"refsource": "MISC",
"url": "https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html"
},
{
"name": "https://trac.osgeo.org/mapserver/ticket/3641",
"refsource": "CONFIRM",
"url": "https://trac.osgeo.org/mapserver/ticket/3641"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1678",
"datePublished": "2019-10-29T20:04:51",
"dateReserved": "2010-04-30T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5522 (GCVE-0-2017-5522)
Vulnerability from nvd – Published: 2017-03-15 16:00 – Updated: 2024-08-05 15:04
Summary
Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
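| URL | Tags |
|---|---|
| https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df | x_refsource_CONFIRM |
| http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-5 | x_refsource_CONFIRM |
| http://www.mapserver.org/development/changelog/changelog-6-0-6.html#changelog-6-0-6 | x_refsource_CONFIRM |
| https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html | mailing-list, x_refsource_MLIST |
| http://www.mapserver.org/development/changelog/changelog-7-0.html#changelog-7-0-4 | x_refsource_CONFIRM |
| http://www.debian.org/security/2017/dsa-3766 | vendor-advisory, x_refsource_DEBIAN |
| http://www.mapserver.org/development/changelog/changelog-6-2-4.html#changelog-6-2-4 | x_refsource_CONFIRM |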
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:14.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-0-6.html#changelog-6-0-6"
},
{
"name": "[mapserver-dev] 20170118 MapServer 6.0.6, 6.2.4, 6.4.5 and 7.0.4 are released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mapserver.org/development/changelog/changelog-7-0.html#changelog-7-0-4"
},
{
"name": "DSA-3766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-2-4.html#changelog-6-2-4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-15T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-0-6.html#changelog-6-0-6"
},
{
"name": "[mapserver-dev] 20170118 MapServer 6.0.6, 6.2.4, 6.4.5 and 7.0.4 are released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mapserver.org/development/changelog/changelog-7-0.html#changelog-7-0-4"
},
{
"name": "DSA-3766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-2-4.html#changelog-6-2-4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df",
"refsource": "CONFIRM",
"url": "https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df"
},
{
"name": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-5",
"refsource": "CONFIRM",
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-5"
},
{
"name": "http://www.mapserver.org/development/changelog/changelog-6-0-6.html#changelog-6-0-6",
"refsource": "CONFIRM",
"url": "http://www.mapserver.org/development/changelog/changelog-6-0-6.html#changelog-6-0-6"
},
{
"name": "[mapserver-dev] 20170118 MapServer 6.0.6, 6.2.4, 6.4.5 and 7.0.4 are released",
"refsource": "MLIST",
"url": "https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html"
},
{
"name": "http://www.mapserver.org/development/changelog/changelog-7-0.html#changelog-7-0-4",
"refsource": "CONFIRM",
"url": "http://www.mapserver.org/development/changelog/changelog-7-0.html#changelog-7-0-4"
},
{
"name": "DSA-3766",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3766"
},
{
"name": "http://www.mapserver.org/development/changelog/changelog-6-2-4.html#changelog-6-2-4",
"refsource": "CONFIRM",
"url": "http://www.mapserver.org/development/changelog/changelog-6-2-4.html#changelog-6-2-4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5522",
"datePublished": "2017-03-15T16:00:00",
"dateReserved": "2017-01-17T00:00:00",
"dateUpdated": "2024-08-05T15:04:14.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9839 (GCVE-0-2016-9839)
Vulnerability from nvd – Published: 2016-12-08 08:08 – Updated: 2024-08-06 02:59
Summary
In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
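| URL | Tags |
|---|---|
| https://github.com/mapserver/mapserver/pull/5356 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94856 | vdb-entry, x_refsource_BID |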
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mapserver/mapserver/pull/5356"
},
{
"name": "94856",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94856"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-14T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mapserver/mapserver/pull/5356"
},
{
"name": "94856",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94856"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mapserver/mapserver/pull/5356",
"refsource": "CONFIRM",
"url": "https://github.com/mapserver/mapserver/pull/5356"
},
{
"name": "94856",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94856"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9839",
"datePublished": "2016-12-08T08:08:00",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7262 (GCVE-0-2013-7262)
Vulnerability from nvd – Published: 2014-01-05 20:00 – Updated: 2024-08-06 18:01
Summary
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
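| URL | Tags |
|---|---|
| http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1 | x_refsource_CONFIRM |
| https://github.com/mapserver/mapserver/issues/4834 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/64671 | vdb-entry, x_refsource_BID |
| https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed | x_refsource_CONFIRM |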
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mapserver/mapserver/issues/4834"
},
{
"name": "64671",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64671"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-12T19:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mapserver/mapserver/issues/4834"
},
{
"name": "64671",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64671"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1",
"refsource": "CONFIRM",
"url": "http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1"
},
{
"name": "https://github.com/mapserver/mapserver/issues/4834",
"refsource": "CONFIRM",
"url": "https://github.com/mapserver/mapserver/issues/4834"
},
{
"name": "64671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64671"
},
{
"name": "https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed",
"refsource": "CONFIRM",
"url": "https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7262",
"datePublished": "2014-01-05T20:00:00",
"dateReserved": "2014-01-05T00:00:00",
"dateUpdated": "2024-08-06T18:01:20.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2975 (GCVE-0-2011-2975)
Vulnerability from nvd – Published: 2011-08-01 20:00 – Updated: 2024-09-16 22:08
Summary
Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
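| URL | Tags |
|---|---|
| http://trac.osgeo.org/mapserver/ticket/3939 | x_refsource_CONFIRM |
| http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html | mailing-list, x_refsource_MLIST |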
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:32.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3939"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-01T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3939"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://trac.osgeo.org/mapserver/ticket/3939",
"refsource": "CONFIRM",
"url": "http://trac.osgeo.org/mapserver/ticket/3939"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"refsource": "MLIST",
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2975",
"datePublished": "2011-08-01T20:00:00Z",
"dateReserved": "2011-08-01T00:00:00Z",
"dateUpdated": "2024-09-16T22:08:46.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2704 (GCVE-0-2011-2704)
Vulnerability from nvd – Published: 2011-08-01 19:00 – Updated: 2024-08-06 23:08
Summary
Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
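| URL | Tags |
|---|---|
| http://trac.osgeo.org/mapserver/ticket/3903 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68719 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/45257 | third-party-advisory, x_refsource_SECUNIA |
| http://www.debian.org/security/2011/dsa-2285 | vendor-advisory, x_refsource_DEBIAN |
| https://bugzilla.redhat.com/show_bug.cgi?id=723293 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/07/19/14 | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/45368 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/48720 | vdb-entry, x_refsource_BID |
| http://www.openwall.com/lists/oss-security/2011/07/20/15 | mailing-list, x_refsource_MLIST |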
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3903"
},
{
"name": "mapserver-ogc-bo(68719)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68719"
},
{
"name": "45257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45257"
},
{
"name": "DSA-2285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723293"
},
{
"name": "[oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/14"
},
{
"name": "45368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45368"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"name": "48720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48720"
},
{
"name": "[oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3903"
},
{
"name": "mapserver-ogc-bo(68719)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68719"
},
{
"name": "45257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45257"
},
{
"name": "DSA-2285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723293"
},
{
"name": "[oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/14"
},
{
"name": "45368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45368"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"name": "48720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48720"
},
{
"name": "[oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/15"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2704",
"datePublished": "2011-08-01T19:00:00",
"dateReserved": "2011-07-11T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2703 (GCVE-0-2011-2703)
Vulnerability from nvd – Published: 2011-08-01 19:00 – Updated: 2024-08-06 23:08
Summary
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
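| URL | Tags |
|---|---|
| http://secunia.com/advisories/45318 | third-party-advisory, x_refsource_SECUNIA |
| http://trac.osgeo.org/mapserver/ticket/3903 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/07/19/11 | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/45257 | third-party-advisory, x_refsource_SECUNIA |
| http://www.debian.org/security/2011/dsa-2285 | vendor-advisory, x_refsource_DEBIAN |
| https://bugzilla.redhat.com/show_bug.cgi?id=723293 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/07/19/14 | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/45368 | third-party-advisory, x_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=722545 | x_refsource_CONFIRM |
| http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html | mailing-list, x_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68682 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/48720 | vdb-entry, x_refsource_BID |
| http://www.openwall.com/lists/oss-security/2011/07/20/15 | mailing-list, x_refsource_MLIST |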
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45318"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3903"
},
{
"name": "[oss-security] 20110719 CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/11"
},
{
"name": "45257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45257"
},
{
"name": "DSA-2285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723293"
},
{
"name": "[oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/14"
},
{
"name": "45368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722545"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"name": "mapserver-multiple-sql-injection(68682)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68682"
},
{
"name": "48720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48720"
},
{
"name": "[oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "45318",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45318"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.osgeo.org/mapserver/ticket/3903"
},
{
"name": "[oss-security] 20110719 CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/11"
},
{
"name": "45257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45257"
},
{
"name": "DSA-2285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723293"
},
{
"name": "[oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/19/14"
},
{
"name": "45368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722545"
},
{
"name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html"
},
{
"name": "mapserver-multiple-sql-injection(68682)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68682"
},
{
"name": "48720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48720"
},
{
"name": "[oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/15"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2703",
"datePublished": "2011-08-01T19:00:00",
"dateReserved": "2011-07-11T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}