Detections
Analytics

MapServer for Windows (MS4W) Bundled Apache / PHP Configuration Local File Inclusion

critical Nessus Plugin ID 62788

Language:

Synopsis

The remote web server is affected by a local file inclusion vulnerability.

Description

The MapServer for Windows installation on the remote host is affected by a local file inclusion vulnerability due to an error in the bundled Apache and PHP configurations. Successful exploitation may allow an attacker to view arbitrary files on the remote host or allow the execution of arbitrary PHP code with SYSTEM privileges.

Solution

Update to version 3.0.6 or later.

See Also

https://seclists.org/bugtraq/2012/May/142

http://www.maptools.org/ms4w/index.phtml?page=HISTORY.txt

Plugin Details

Severity: Critical

ID: 62788

File Name: mapserver_ms4w_3_0_4_lfi.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 11/1/2012

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/a:maptools:ms4w

Required KB Items: www/ms4w

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 5/25/2012

Vulnerability Publication Date: 5/29/2012

Reference Information

CVE: CVE-2012-2950

BID: 53737