Mapserver for Windows CVE-2012-2950 Local File Include Vulnerability
BID:53737
CVE-2012-2950 |Info
Mapserver for Windows CVE-2012-2950 Local File Include Vulnerability
| Bugtraq ID: | 53737 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-2950 |
| Remote: | Yes |
| Local: | No |
| Published: | May 30 2012 12:00AM |
| Updated: | May 30 2012 12:00AM |
| Credit: | Mike Arnold |
| Vulnerable: |
Gateway Geomatics MapServer for Windows 3.0.4 Gateway Geomatics MapServer for Windows 2.0 |
| Not Vulnerable: |
Gateway Geomatics MapServer for Windows 3.0.6 |
Discussion
Mapserver for Windows CVE-2012-2950 Local File Include Vulnerability
Mapserver for Windows (MS4W) is prone to an unspecified local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this vulnerability to view files and execute arbitrary local PHP scripts with the privileges of the affected application.
Mapserver for Windows versions 2.0 through 3.0.4 are vulnerable.
Mapserver for Windows (MS4W) is prone to an unspecified local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this vulnerability to view files and execute arbitrary local PHP scripts with the privileges of the affected application.
Mapserver for Windows versions 2.0 through 3.0.4 are vulnerable.
Exploit / POC
Mapserver for Windows CVE-2012-2950 Local File Include Vulnerability
An attacker can exploit the issue with a browser.
An attacker can exploit the issue with a browser.
Solution / Fix
Mapserver for Windows CVE-2012-2950 Local File Include Vulnerability
Solution:
Updates are available. Please contact the vendor for more information.
Solution:
Updates are available. Please contact the vendor for more information.
References
Mapserver for Windows CVE-2012-2950 Local File Include Vulnerability
References:
References:
- MapServer for Windows - MS4W Homepage (Gateway Geomatics)
- Mapserver for Windows (MS4W) Remote Code Execution (Mike Arnold)