GeoServer Memory Corruption Vulnerability Network Vulnerability

Summary

This host is installed with GeoServer and is prone to Memory Corruption vulnerability.

Impact

Successful attacks may lead to failure to report service exception if the code encoding the output calls flush() before having written the full contents to the output. Impact Level: Application

Solution

Upgrade to version 1.6.1 or 1.7.0-beta1 or later. http://geoserver.org/display/GEOS/Download

Insight

Error exists when PartialBufferOutputStream2 flushes the buffer contents even when it is handling an 'in memory buffer', which prevents the reporting of a service exception, with unknown impact and attack vectors.

Affected

GeoServer version before 1.6.1 and 1.7.0-beta1.

References

http://jira.codehaus.org/browse/GEOS-1747
http://osvdb.org/43266

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7227

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities