Detections
Analytics
MapServer < 5.6.4 / 4.10.6 Multiple Vulnerabilities
high Nessus Network Monitor Plugin ID 5611
Synopsis
The remote web server contains a CGI script that is vulnerable to multiple attack vectors.Description
The remote web server hosts MapServer, an open source platform for publishing spacial data and interactive mapping applications to the web.Versions of MapServer earlier than 5.6.4, or 4.10.6 are potentially affected by multiple vulnerabilities :
- A buffer overflow vulnerability in the 'ForcedTmpBase' parameter of 'msTmpFile()'. (Ticket 3484)
- Unspecified security vulnerabilities in multiple debug command-line arguments. (Ticket 3485)
Solution
Upgrade to MapServer 4.10.6, 5.6.4, or later.See Also
http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html
Plugin Details
Severity: High
ID: 5611
Family: CGI
Published: 7/22/2010
Updated: 3/6/2019
Nessus ID: 47861
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 7.3
Temporal Score: 6.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:umn:mapserver
Patch Publication Date: 7/9/2010
Vulnerability Publication Date: 7/9/2010
Reference Information
CVE: CVE-2010-2539, CVE-2010-2540
BID: 41855