Debian Security Advisory 1914 mapserver – several vulnerabilities

31
Article Source Debian Security Advisories
October 21, 2009, 5:00 pm

Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2009-0843

    Missing input validation on a user supplied map queryfile name can be used by an attacker to check for the existence of a specific file by using the queryfile GET parameter and checking for differences in error messages.

  • CVE-2009-0842

    A lack of file type verification when parsing a map file can lead to partial disclosure of content from arbitrary files through parser error messages…