Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Osgeo
  • Mapserver
Umn
  • Mapserver

Configuration 1 [-]

OR cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.6.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.8.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.8.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.2:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.3:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.4:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:4.10.5:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:osgeo:mapserver:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:beta6:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.0:beta4:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:beta4:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.4.2:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:5.6.4:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:5.6.5:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:5.6.6:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:umn:mapserver:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta6:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:beta7:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.0.0:rc2:*:*:*:*:*:*
References
Link Resource
http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html Patch
http://secunia.com/advisories/45257 Vendor Advisory
http://secunia.com/advisories/45318 Vendor Advisory
http://secunia.com/advisories/45368 Vendor Advisory
http://trac.osgeo.org/mapserver/ticket/3903 Patch
http://www.debian.org/security/2011/dsa-2285
http://www.openwall.com/lists/oss-security/2011/07/19/11 Patch
http://www.openwall.com/lists/oss-security/2011/07/19/14 Patch
http://www.openwall.com/lists/oss-security/2011/07/20/15 Patch
http://www.securityfocus.com/bid/48720
https://bugzilla.redhat.com/show_bug.cgi?id=722545 Patch
https://bugzilla.redhat.com/show_bug.cgi?id=723293 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68682
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2011-08-01T19:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2011-07-11T00:00:00

Link: CVE-2011-2703

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2011-08-01T19:55:01.427

Modified: 2021-06-07T15:56:20.163

Link: CVE-2011-2703

JSON object: View

cve-icon Redhat Information

No data.

CWE