icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MapServer < 4.10.5/5.2.3/5.4.2 Integer Overflow Vulnerability

High

Synopsis

The remote web server contains a CGI application that is vulnerable to a remote code execution attack.

Description

The remote web server is running a version of MapServer earlier than 4.10.5 / 5.2.3 / 5.4.2. Such versions are potentially affected by an integer-overflow vulnerability when the application handles large HTTP requests containing specially crafted 'Content-Length' values.

Solution

Upgrade to MapServer 4.10.5, 5.2.3, or 5.4.2.