CVE-2010-2540Mapserver vulnerability

CWE-2646 documents5 sources
Severity
10.0CRITICALNVD
EPSS
2.0%
top 16.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Osgeo MapserverDebian MapserverUMN Mapserver
Timeline
PublishedAug 2
Latest updateMay 13

Description

mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

debiandebian/mapserver< mapserver 5.6.4-1 (bookworm)
Debianosgeo/mapserver< 5.6.4-1+3
NVDosgeo/mapserver4.10.5+18
NVDumn/mapserver4.0

🔴Vulnerability Details

2
GHSA
GHSA-rvf8-gfc4-3j6f: mapserv2022-05-13
OSV
CVE-2010-2540: mapserv2010-08-02

📋Vendor Advisories

1
Debian
CVE-2010-2540: mapserver - mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not pr...2010

💬Community

2
Bugzilla
CVE-2010-2540 MapServer: Disable insecure mapserv CGI command-line debug args (Trac#3485)2010-07-22
Bugzilla
CVE-2010-2539 CVE-2010-2540 mapserver various flaws [fedora-all]2010-07-22
CVE-2010-2540 — Debian Mapserver vulnerability | cvebase