Vulnerability in Osgeo Mapserver
CVE-2010-2540
mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted…
EPSS: 0.020 (83.9th percentile)
Affected products
- Osgeo Mapserver — versions 5.2.0, 5.4.1, 4.8.0
- Umn Mapserver — versions 4.0
References
- [mapserver-users] 20100709 MapServer 5.6.4 and 4.10.6 released with important security fixes (mailing-list, x_refsource_MLIST)
- 41855 (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM)
- [oss-security] 20100721 Re: CVE id request: mapserver (mailing-list, x_refsource_MLIST)
- mapserver-cgi-code-execution(60852) (vdb-entry, x_refsource_XF)
- [oss-security] 20100721 CVE id request: mapserver (mailing-list, x_refsource_MLIST)