Mapserver Security Vulnerabilities and Issues — Mapserver CVE List

Lucene search

OsgeoMapserver

5 matches found

CVE•added 2009/03/31 6:24 p.m.•64 views

CVE-2009-0843

The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists.

7.8CVSS6.4AI score0.01032EPSS

CVE•added 2019/10/29 9:15 p.m.•63 views

CVE-2010-1678

Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.

7.5CVSS7.5AI score0.00681EPSS

CVE•added 2011/08/01 7:55 p.m.•52 views

CVE-2011-2704

Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.

7.5CVSS8AI score0.06405EPSS

CVE•added 2011/08/01 7:55 p.m.•51 views

CVE-2011-2703

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

7.5CVSS8.4AI score0.01573EPSS

CVE•added 2016/12/08 8:59 a.m.•35 views

CVE-2016-9839

In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.

7.5CVSS7.2AI score0.00355EPSS