[Chameleon-dev] [Bug 177] [wmsparse] security issue with wmsparse
and IIS
bugzilla-daemon at www.maptools.org
bugzilla-daemon at www.maptools.org
Mon Nov 8 15:22:47 EST 2004
http://www.maptools.org/bugzilla/show_bug.cgi?id=177
------- Additional Comments From jfournier at dmsolutions.ca 2004-11-08 15:22 -------
Verified: Win2K3, IIS6, Chameleon199b2, MS425.
Verified using the WMSBrowser widget in OGC Sample app. Had to give cmd.exe
read/execute permission for the parsing to work. Did not invesitage further as
it has already been suggested that modifying the wmsparse exe would be a
relatively simple process.
Perhaps this could also be addressed when executing the wmsparse exe in php. eg:
common/phpwms/server_data_manager.php line 840: exec( $cmd, $a, $retval );
I'm not sure if passthru() or system() would have the same requirements (or
limitations)?
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the Chameleon-dev
mailing list