Описание
The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 5.4.2-1 |
| gutsy | ignored | end of life, was needed |
| hardy | released | 5.0.0-3ubuntu0.1 |
| intrepid | released | 5.0.3-2ubuntu0.1 |
| jaunty | released | 5.0.3-3ubuntu0.1 |
| karmic | not-affected | 5.4.2-1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
7.8 High
CVSS2
Связанные уязвимости
The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists.
The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and ...
The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists.
EPSS
7.8 High
CVSS2