Changes between Version 1 and Version 2 of Ticket #3903


Ignore:
Timestamp:
Jul 11, 2011, 12:44:38 PM (9 years ago)
Author:
dmorissette
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #3903

    • Property Cc sdlime jmckenna aboudreault added
    • Property Summary changed from Possible SQL Injection using filter encding to Security Vulnerabilities - Possible SQL Injection using OGC filter encoding
    • Property Component changed from WFS Server to Security/Vulnerability (Private)
  • Ticket #3903 – Description

    v1 v2  
    1 This ticket is to track fixes to prevent sql injections through filter encoding (WFS and WMS)
     1This ticket is to track fixes to prevent SQL injections through OGC filter encoding (in WMS, WFS and SOS), as well as a potential SQL injection in WMS time support.
     2
     3Your system may be vulnerable if it has MapServer with OGC protocols enabled, with layers connecting to an SQL RDBMS backend, either natively or via OGR.
     4
     5All versions of MapServer 4.x, 5.x and 6.x are potentially vulnerable. All users are ** strongly encouraged ** to upgrade to one of the latest releases with the fixes.