82 matches found
CVE-2023-41339
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles,...
CVE-2023-41877
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location ...
CVE-2023-5786
A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the...
CVE-2023-51445
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2008-7227
PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors...
Exploit for Code Injection in Geoserver
⚠️ Disclaimer: This tool is intended only for security resea...
CVE-2024-36401
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...
CVE-2024-24749
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...
CVE-2024-35230
CVE-2024-35230 affects GeoServer (Java) where the welcome and about pages disclose version and revision information of the server and components. This information exposure can aid fingerprinting of the running software. The issue has been patched in version 2.26.0; users should upgrade to 2.26.0 ...
CVE-2024-35230 Welcome and About GeoServer pages communicate version and revision information
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use including library and components used. This information is sensitive...
CVE-2024-35230 Welcome and About GeoServer pages communicate version and revision information
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use including library and components used. This information is sensitive...
GeoServer < 2.23.5 Path Traversal
According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.3. It is, therefore, affected by a Path Traversal. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
GeoServer 2.24.0 < 2.24.2 Path Traversal
According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.2. It is, therefore, affected by an Arbitrary File Renaming. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
GeoServer < 2.23.4 Path Traversal
According to its banner, the version of GeoServer running on the remote host is prior to 2.23.4. It is, therefore, affected by a Path Traversal. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
GeoServer 2.24.0 < 2.24.3 Path Traversal
According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.3. It is, therefore, affected by a Path Traversal. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
PT-2024-4472
Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.22.6 GeoServer versions prior to 2.23.6 GeoServer versions prior to 2.24.4 GeoServer versions prior to 2.25.2 Description GeoServer is an open-source server used for sharing and editing geospatial data. An issue...
GeoServer server-side request forgery vulnerability (CNVD-2024-14588)
GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. GeoServer suffers from a server-side request forgery vulnerability that stems from the fact that the OGC Web Processing Service WPS specification is designed to process information from an...
GeoServer Code Execution Vulnerability
GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. A code execution vulnerability exists in GeoServer. The vulnerability stems from java.lang.Runtime.getRuntime.exec in wps:LiteralData failing to correctly filter the special elements of th...
CVE-2023-26043 XML External Entity (XXE) injection in GeoServer style upload functionality
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...
PT-2022-11312 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions 2.18.5 and earlier GeoServer versions 2.19.x through 2.19.2 Description: The issue allows for Server-Side Request Forgery SSRF via the option for setting a proxy host. This means an attacker could potentially force the serv...