MapServer Multiple Remote Vulnerabilities
High Nessus Plugin ID 26010
Synopsis
The remote web server contains CGI scripts that are prone to arbitrary remote command execution and cross-site scripting attacks.
Description
The remote host is running MapServer, an open source internet map server.
The installed version of MapServer is affected by multiple cross-site scripting vulnerabilities and a buffer overflow vulnerability. To exploit these flaws, an attacker needs to send specially crafted requests to the mapserv CGI.
By exploiting the buffer overflow vulnerability, an attacker would be able to execute code on the remote host with the privileges of the web server.
Solution
Upgrade to MapServer 4.10.3.