Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-2703

Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

Related bugs and status

CVE-2011-2703 (Candidate) is related to these bugs:

Bug #809133: Possible SQL injection in WFS

		In	Importance	Status
809133	Possible SQL injection in WFS	mapserver (Ubuntu)	Undecided	Fix Released
809133	Possible SQL injection in WFS	mapserver (Ubuntu Hardy)	Undecided	Fix Released
809133	Possible SQL injection in WFS	mapserver (Ubuntu Lucid)	Undecided	Fix Released
809133	Possible SQL injection in WFS	mapserver (Ubuntu Natty)	Undecided	Fix Released
809133	Possible SQL injection in WFS	mapserver (Ubuntu Maverick)	Undecided	Fix Released
809133	Possible SQL injection in WFS	mapserver (Ubuntu Oneiric)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.debian.org/...
MISC: http://lists.osgeo.org...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://trac.osgeo.org/...
MISC: https://bugzilla.redha...
MISC: https://bugzilla.redha...
MISC: https://exchange.xforc...