Opened 13 years ago
Last modified 13 years ago
#3903 closed defect
Security Vulnerabilities - Possible SQL Injection using OGC filter encoding — at Version 2
| Reported by: | assefa | Owned by: | assefa |
|---|---|---|---|
| Priority: | normal | Milestone: | 6.0.1 release |
| Component: | Security/Vulnerability (Public) | Version: | unspecified |
| Severity: | normal | Keywords: | |
| Cc: | dmorissette, sdlime, jmckenna, aboudreault |
Description (last modified by )
This ticket is to track fixes to prevent SQL injections through OGC filter encoding (in WMS, WFS and SOS), as well as a potential SQL injection in WMS time support.
Your system may be vulnerable if it has MapServer with OGC protocols enabled, with layers connecting to an SQL RDBMS backend, either natively or via OGR.
All versions of MapServer 4.x, 5.x and 6.x are potentially vulnerable. All users are strongly encouraged to upgrade to one of the latest releases with the fixes.
Change History (2)
comment:1 by , 13 years ago
| Cc: | added |
|---|---|
| Description: | modified (diff) |
| Milestone: | → 6.0.1 release |
comment:2 by , 13 years ago
| Cc: | added |
|---|---|
| Component: | WFS Server → Security/Vulnerability (Private) |
| Description: | modified (diff) |
| Summary: | Possible SQL Injection using filter encding → Security Vulnerabilities - Possible SQL Injection using OGC filter encoding |
Note:
See TracTickets
for help on using tickets.
