Required CVE Record Information
Description
mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.
References 6 Total
- lists.osgeo.org: [mapserver-users] 20100709 MapServer 5.6.4 and 4.10.6 released with important security fixes mailing-list
- securityfocus.com: 41855 vdb-entry
- http://trac.osgeo.org/mapserver/ticket/3485
- marc.info: [oss-security] 20100721 Re: CVE id request: mapserver mailing-list
- exchange.xforce.ibmcloud.com: mapserver-cgi-code-execution(60852) vdb-entry
- marc.info: [oss-security] 20100721 CVE id request: mapserver mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- lists.osgeo.org: [mapserver-users] 20100709 MapServer 5.6.4 and 4.10.6 released with important security fixes mailing-listx_transferred
- securityfocus.com: 41855 vdb-entryx_transferred
- http://trac.osgeo.org/mapserver/ticket/3485 x_transferred
- marc.info: [oss-security] 20100721 Re: CVE id request: mapserver mailing-listx_transferred
- exchange.xforce.ibmcloud.com: mapserver-cgi-code-execution(60852) vdb-entryx_transferred
- marc.info: [oss-security] 20100721 CVE id request: mapserver mailing-listx_transferred