GeoServer Memory Corruption Vulnerability Network Vulnerability

Summary

This host is installed with GeoServer and is prone to Memory Corruption vulnerability.

Impact

Successful attacks may lead to failure to report service exception if the code encoding the output calls flush() before having written the full contents to the output. Impact Level: Application

Solution

Upgrade to version 1.6.1 or 1.7.0-beta1 or later. http://geoserver.org/display/GEOS/Download

Insight

Error exists when PartialBufferOutputStream2 flushes the buffer contents even when it is handling an 'in memory buffer', which prevents the reporting of a service exception, with unknown impact and attack vectors.

Affected

GeoServer version before 1.6.1 and 1.7.0-beta1.

References

http://jira.codehaus.org/browse/GEOS-1747
http://osvdb.org/43266

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7227

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
Adobe ColdFusion HTTP Response Splitting Vulnerability

Take action and discover your vulnerabilities