Описание
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | |
| gutsy | ignored | end of life, was needed |
| hardy | released | 5.0.0-3ubuntu0.1 |
| intrepid | released | 5.0.3-2ubuntu0.1 |
| jaunty | released | 5.0.3-3ubuntu0.1 |
| karmic | not-affected | |
| upstream | released | 5.2.2-1 |
Показывать по
Ссылки на источники
4.3 Medium
CVSS2
Связанные уязвимости
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows rem ...
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.
4.3 Medium
CVSS2