
MapServer < 4.10.5/5.2.3/5.4.2 Integer Overflow Vulnerability

High

Synopsis

The remote web server contains a CGI application that is vulnerable to a remote code execution attack.

Description

The remote web server is running a version of MapServer earlier than 4.10.5 / 5.2.3 / 5.4.2. Such versions are potentially affected by an integer-overflow vulnerability when the application handles large HTTP requests containing specially crafted 'Content-Length' values.

Solution

Upgrade to MapServer 4.10.5, 5.2.3, or 5.4.2.
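To triage hosts against the fixed releases above, the following added example (not part of the original advisory) classifies a MapServer version string per release branch. The sample banners are constructed, and treating a version on a branch with no listed fix (for example 5.0.x) as affected is an assumption drawn from the "earlier than" wording.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(4, 10): (4, 10, 5), (5, 2): (5, 2, 3), (5, 4): (5, 4, 2)}
NEWEST_FIX = max(FIXED.values())

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first x.y.z version from a banner or bare version string."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """Return True if the version is earlier than the fix for its branch."""
    version = parse_version(text)
    if version >= NEWEST_FIX:
        return False  # 5.4.2 or any later release
    fix = FIXED.get(version[:2])
    if fix is not None:
        return version < fix  # branch has its own fixed release
    # Assumption: an older branch with no listed fix stays affected
    # until it is moved to one of the fixed releases.
    return True


def triage(banners):
    """Map each host to 'affected', 'fixed' or 'unknown'."""
    result = {}
    for host, banner in banners.items():
        try:
            result[host] = "affected" if is_affected(banner) else "fixed"
        except ValueError:
            result[host] = "unknown"  # version could not be read; check by hand
    return result


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "gis-a": "MapServer version 4.10.4 OUTPUT=GIF OUTPUT=PNG",
    "gis-b": "MapServer version 5.2.3 OUTPUT=GIF OUTPUT=PNG",
    "gis-c": "MapServer version 5.0.3 OUTPUT=PNG",
    "gis-d": "mapserv: banner suppressed",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```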