CVE-2010-2540

Severity

99%

Complexity

99%

Confidentiality

165%

mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.

mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

University of Minnesota Mapserver

First reported 14 years ago

2010-08-02 22:00:00

Last updated 7 years ago

2017-08-17 01:32:00

Affected Software

University of Minnesota Mapserver 4.2 beta1

4.2

University of Minnesota Mapserver 4.4.0

4.4.0

University of Minnesota Mapserver 4.4.0 beta1

4.4.0

University of Minnesota Mapserver 4.4.0 beta2

4.4.0

University of Minnesota Mapserver 4.4.0 beta3

4.4.0

University of Minnesota Mapserver 4.6.0

4.6.0

University of Minnesota Mapserver 4.6.0 beta1

4.6.0

University of Minnesota Mapserver 4.6.0 beta2

4.6.0

University of Minnesota Mapserver 4.6.0 beta3

4.6.0

University of Minnesota Mapserver 4.6.0 release candidate 1

4.6.0

University of Minnesota Mapserver 4.8 beta1

4.8

University of Minnesota Mapserver 4.8 beta2

4.8

University of Minnesota Mapserver 4.8 beta3

4.8

University of Minnesota Mapserver 4.8 release candidate 1

4.8

University of Minnesota Mapserver 4.8 release candidate 2

4.8

University of Minnesota Mapserver 4.10 beta1

4.10

University of Minnesota Mapserver 4.10 beta2

4.10

University of Minnesota Mapserver 4.10 beta3

4.10

University of Minnesota Mapserver 4.10 release candidate 1

4.10

University of Minnesota Mapserver 4.10.0

4.10.0

University of Minnesota Mapserver 4.10.1

4.10.1

University of Minnesota Mapserver 4.10.2

4.10.2

University of Minnesota Mapserver 4.10.3

4.10.3

University of Minnesota Mapserver 4.10.4

4.10.4

University of Minnesota Mapserver 5.0.0

5.0.0

University of Minnesota Mapserver 5.0.0 beta1

5.0.0

University of Minnesota Mapserver 5.0.0 beta2

5.0.0

University of Minnesota Mapserver 5.0.0 beta3

5.0.0

University of Minnesota Mapserver 5.0.0 beta4

5.0.0

University of Minnesota Mapserver 5.0.0 beta5

5.0.0

University of Minnesota Mapserver 5.0.0 beta6

5.0.0

University of Minnesota Mapserver 5.0.0 release candidate 1

5.0.0

University of Minnesota Mapserver 5.0.0 release candidate 2

5.0.0

University of Minnesota Mapserver 5.2.0

5.2.0

University of Minnesota Mapserver 5.2.0 beta1

5.2.0

University of Minnesota Mapserver 5.2.0 beta2

5.2.0

University of Minnesota Mapserver 5.2.0 beta3

5.2.0

University of Minnesota Mapserver 5.2.0 beta4

5.2.0

University of Minnesota Mapserver 5.2.0 release candidate 1

5.2.0

University of Minnesota Mapserver 5.2.1

5.2.1

University of Minnesota Mapserver 5.4.0

5.4.0

University of Minnesota Mapserver 5.4.0 beta1

5.4.0

University of Minnesota Mapserver 5.4.0 beta2

5.4.0

University of Minnesota Mapserver 5.4.0 beta3

5.4.0

University of Minnesota Mapserver 5.4.0 beta4

5.4.0

University of Minnesota Mapserver 5.4.0 release candidate 1

5.4.0

University of Minnesota Mapserver 5.4.0 release candidate 2

5.4.0

University of Minnesota Mapserver 5.4.1

5.4.1

University of Minnesota Mapserver 5.4.2

5.4.2

University of Minnesota Mapserver 5.6.0

5.6.0

University of Minnesota Mapserver 5.6.1

5.6.1

References

[mapserver-users] 20100709 MapServer 5.6.4 and 4.10.6 released with important security fixes

[oss-security] 20100721 CVE id request: mapserver

[oss-security] 20100721 Re: CVE id request: mapserver

http://trac.osgeo.org/mapserver/ticket/3485

41855

mapserver-cgi-code-execution(60852)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.