Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-2703
Last Modified 05 Aug 2011 12:00:00
Published 01 Aug 2011 03:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

Summary

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

Vulnerable Systems

Application

  • Umn Mapserver 4.10

  • Umn Mapserver 4.10.0

  • Umn Mapserver 4.10.1

  • Umn Mapserver 4.10.2

  • Umn Mapserver 4.10.3

  • Umn Mapserver 4.10.4

  • Umn Mapserver 4.10.5

  • Umn Mapserver 4.10.6

  • Umn Mapserver 4.2

  • Umn Mapserver 4.4.0

  • Umn Mapserver 4.6.0

  • Umn Mapserver 4.8

  • Umn Mapserver 5.0.0

  • Umn Mapserver 5.2.0

  • Umn Mapserver 5.2.1

  • Umn Mapserver 5.2.2

  • Umn Mapserver 5.2.3

  • Umn Mapserver 5.4.0

  • Umn Mapserver 5.4.1

  • Umn Mapserver 5.4.2

  • Umn Mapserver 5.6.0

  • Umn Mapserver 5.6.1

  • Umn Mapserver 5.6.3

  • Umn Mapserver 5.6.4

  • Umn Mapserver 5.6.5

  • Umn Mapserver 5.6.6

  • Umn Mapserver 6.0.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=723293

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=722545

MLIST - [oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]

MLIST - [oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]

MLIST - [oss-security] 20110719 CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.

CONFIRM - http://trac.osgeo.org/mapserver/ticket/3903

MLIST - [mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes

XF - mapserver-multiple-sql-injection(68682)

BID - 48720

DEBIAN - DSA-2285

SECUNIA - 45368

SECUNIA - 45318

SECUNIA - 45257


Last Updated: 27 May 2016 10:57:05