Published: 01/08/2011 Updated: 07/06/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in MapServer prior to 4.10.7 and 5.x prior to 5.6.7 allows remote malicious users to execute arbitrary code via vectors related to OGC filter encoding.

Vulnerable Product	Search on Vulmon	Subscribe to Product
osgeo mapserver 4.10.0
osgeo mapserver 4.10.2
osgeo mapserver 4.8.0
osgeo mapserver 4.4.0
osgeo mapserver 4.6.0
osgeo mapserver 4.10.5
osgeo mapserver 4.10.4
osgeo mapserver 4.2.0
osgeo mapserver
osgeo mapserver 4.10.3
osgeo mapserver 4.10.1
osgeo mapserver 5.2.0
osgeo mapserver 5.0.0
osgeo mapserver 5.4.2
osgeo mapserver 5.4.0
osgeo mapserver 5.6.0
umn mapserver 5.2.3
osgeo mapserver 5.2.1
osgeo mapserver 5.4.1
umn mapserver 5.6.4
umn mapserver 5.6.5
umn mapserver 5.6.6
umn mapserver 5.2.2
osgeo mapserver 5.6.1
osgeo mapserver 5.6.3

Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2703 Several instances of insufficient escaping of user input, leading to SQL injection attacks via OGC f ...

CWE-119 https://bugzilla.redhat.com/show_bug.cgi?id=723293 http://secunia.com/advisories/45257 http://www.openwall.com/lists/oss-security/2011/07/19/14 http://www.debian.org/security/2011/dsa-2285 http://trac.osgeo.org/mapserver/ticket/3903 http://www.securityfocus.com/bid/48720 http://www.openwall.com/lists/oss-security/2011/07/20/15 http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html http://secunia.com/advisories/45368 https://exchange.xforce.ibmcloud.com/vulnerabilities/68719 https://nvd.nist.gov https://www.debian.org/security/./dsa-2285

CVE-2011-2704

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect